
My login application accepts any and all username/passwords.

 
John Piper
Greenhorn
Posts: 12
I'm working on a login that verifies the username/password against an Oracle database via a JDBC connection. I have a page that the application forwards to when the login entered is correct and a page that it forwards to when the login is incorrect. The problem is that no matter what username/password is put in, it forwards to the correct login page.

Any help is greatly appreciated. Here is my code:


My login form index.jsp


Correct login page userLogged.jsp


Incorrect login page invalidLogin.jsp


LoginServlet.java


UserDAO.java


UserBean.java


ConnectionManager.java
 
Ulf Dittmer
Rancher
Posts: 42967
The UserDAO class is missing an else in a crucial spot.
 
John Piper
Greenhorn
Posts: 12
Ulf Dittmer wrote: The UserDAO class is missing an else in a crucial spot.


You, sir, are a gentleman and a scholar. Thank you! That finally fixed it.
 
Rafael Rque
Greenhorn
Posts: 10
Why don't you use PreparedStatement and get rid of all these ' ?
 
Ulf Dittmer
Rancher
Posts: 42967
Rafael Rque wrote: Why don't you use PreparedStatement and get rid of all these ' ?

Indeed you should. As it is, the code is wide open to SQL injection attacks.
 
chris webster
Bartender
Posts: 2407
Ulf Dittmer wrote: As it is, the code is wide open to SQL injection attacks.


Also, do you really want to pass your password around as clear text? Just a thought....
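
The two fixes suggested in this thread (an explicit else for the "no matching row" case, and PreparedStatement instead of quoted string concatenation), shown together as an added example that is not the original poster's code. The table and column names (users, username, password), the class name LoginCheck and the sample rows are assumptions, since the thread's UserDAO source is not shown.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example. Assumed schema: users(username, password); not taken from the thread.
public class LoginCheck {

    /** Returns true only when a row matches; every other path returns false. */
    static boolean isValidLogin(Connection con, String username, String password)
            throws SQLException {
        if (username == null || password == null) {
            return false;                        // reject missing form fields up front
        }
        // Placeholders keep user input out of the SQL text, so no quoting is needed.
        String sql = "SELECT 1 FROM users WHERE username = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);           // bound as data, never parsed as SQL
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    return true;                 // a row matched both values
                } else {
                    return false;                // the explicit else: no row, login rejected
                }
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a scratch database whose driver is on the classpath.
        try (Connection con = DriverManager.getConnection(args[0]);
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE users (username VARCHAR(64), password VARCHAR(64))");
            st.execute("INSERT INTO users VALUES ('alice', 'constructed-sample')");
            // Constructed inputs: a correct pair, a wrong password, and a value
            // containing quote characters, which is compared as a literal string.
            String[] attempts = {"constructed-sample", "wrong", "x' OR 'a'='a"};
            for (String pw : attempts) {
                System.out.println(pw + " -> " + isValidLogin(con, "alice", pw));
            }
        }
    }
}
```

The password column is compared as-is only to keep the focus on the two fixes; a real schema would store a salted password hash rather than the clear-text value.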
 