aspose file tools*
The moose likes Java Micro Edition and the fly likes failing to get login right from servlet and midlet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Mobile » Java Micro Edition
Bookmark "failing to get login right from servlet and midlet" Watch "failing to get login right from servlet and midlet" New topic
Author

failing to get login right from servlet and midlet

Kenneth Owino
Greenhorn

Joined: Aug 09, 2010
Posts: 23
Hi every one! I am failing to get login right. The code i have below is to input username and password from a midlet, send it to a servlet using post method, check the user name and password in the servlet with a mysql database and then send response to the midlet to either cahange to another displayable or to try again. the problem i get is that either my servlet code for checking username and password isn't correct and also maybe the servlet response is not sent to the midlet. I even think my method for sending response to the midlet is wrong but don't know a better way to do it. some one help please.
midlet code:


servlet code
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274
    
    5

Hi Kenneth and welcome to Javaranch, what error message are you getting?


Cheers, Martijn - Blog,
Twitter, PCGen, Ikasan, My The Well-Grounded Java Developer book!,
My start-up.
Lester Burnham
Rancher

Joined: Oct 14, 2008
Posts: 1337
While I don't know what's going on, I see three security problems with the code:

1) Since the server doesn't sanitize the DB inputs, it's vulnerable to SQL injection attacks; you really should be using a PreparedStatement.

2) Don't send login information via GET; use POST instead. Using GET the password is stored in numerous places (like caches, access and log files, etc.) that really have no business recording such information.

3) Also, it seems that passwords are stored in the DB as plain text - another no-no. Stored passwords should be hashed (using an algorithm like SHA-2) so that they can't be retrieved.
Kenneth Owino
Greenhorn

Joined: Aug 09, 2010
Posts: 23
hi. thanks for the reply. there are no error messages i receive but the program fails to display an output as required. i tested it and found that the response from the servlet is not null but it seems it is in a format that cannot be understood by the midlet. could you please check my method of sending response and maybe the way the midlet handles the response and give me a correction or better code. i think my problem is around there but i cannot figure out what to do
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: failing to get login right from servlet and midlet