My login application accepts any and all username/passwords.

John Piper
Greenhorn

Joined: Mar 27, 2011
Posts: 12
I'm working on a login that verifies the username/password against an Oracle database via a JDBC connection. I have a page that the application forwards to when the login entered is correct and a page that it forwards to when the login is incorrect. The problem is that no matter what username/password is put in, it forwards to the correct login page.

Any help is greatly appreciated. Here is my code:


My login form index.jsp


Correct login page userLogged.jsp


Incorrect login page invalidLogin.jsp


LoginServlet.java


UserDAO.java


UserBean.java


ConnectionManager.java
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41524
The UserDAO class is missing an else in a crucial spot.


Ping & DNS - my free Android networking tools app
John Piper
Greenhorn

Joined: Mar 27, 2011
Posts: 12
Ulf Dittmer wrote: The UserDAO class is missing an else in a crucial spot.


You sir are a gentleman and a scholar. Thank you! That finally fixed it.
Rafael Rque
Greenhorn

Joined: Mar 25, 2010
Posts: 10
Why don't you use PreparedStatement and get rid of all these ' ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41524
Why don't you use PreparedStatement and get rid of all these ' ?

Indeed you should. As it is, the code is wide open to SQL injection attacks.
chris webster
Bartender

Joined: Mar 01, 2009
Posts: 1650

Ulf Dittmer wrote: As it is, the code is wide open to SQL injection attacks.


Also, do you really want to pass your password around as clear text? Just a thought....


No more Blub for me, thank you, Vicar.
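
The fixes suggested in this thread, combined in one DAO method as an added example (not the original poster's code): a PreparedStatement binds the username, every path other than a verified match returns false, and only a salted hash is compared, so the clear-text password never goes into the query. The users table, its salt and pw_hash columns, the class and method names and the iteration count are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example. Assumed schema (not from the thread):
//   users(username VARCHAR2, salt RAW(16), pw_hash RAW(32))
public class LoginCheck {
    private static final int ITERATIONS = 210_000; // assumed work factor
    private static final int KEY_BITS = 256;

    // PBKDF2-HMAC-SHA256 of the submitted password with the user's stored salt.
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Returns true only when a row exists and the hashes match; every other
    // path (no such user, NULL columns, mismatch) returns false.
    static boolean isValidLogin(Connection con, String username, char[] password)
            throws SQLException, GeneralSecurityException {
        String sql = "SELECT salt, pw_hash FROM users WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username); // bound as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false; // no row: reject explicitly
                }
                byte[] salt = rs.getBytes("salt");
                byte[] stored = rs.getBytes("pw_hash");
                if (salt == null || stored == null) {
                    return false;
                }
                // Constant-time comparison of stored and computed hashes.
                return MessageDigest.isEqual(stored, hash(password, salt));
            }
        }
    }
}
```

Because the method starts from rejection and returns true from a single line, a forgotten branch can only cause a failed login, not an accepted one.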
 