
password hashing & salting in struts

Aditi agarwal
Ranch Hand

Joined: Feb 23, 2011
Posts: 225
Please can anyone give me an idea how to use password hashing & salting in Struts 1.x?

Please help me.

Thank you.
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8867
    

Struts is an implementation of a Front Controller pattern. It has nothing to do with how one handles passwords.
You probably either want to use MessageDigest to create a hash of the password or use something like container managed security to delegate that task to the server.


"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
Aditi agarwal
Ranch Hand

Joined: Feb 23, 2011
Posts: 225
Thanks for your reply, Joe. Actually, I cannot understand your reply, sorry for that, but I would like to tell you that I have used the hashing & salting method. The problem is I am using sessions; even after invalidating them my project stops working, due to the sessions problem only.
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8867
    

Aditi agarwal wrote: the problem is i am using sessions even after invalidating them my project stop working due to sessions problem only


You are going to have to give us some more details. What do you mean your project "stops working"? How do you know sessions are causing this? What does password hashing have to do with this problem?
Aditi agarwal
Ranch Hand

Joined: Feb 23, 2011
Posts: 225
After introducing this code my application does not even allow me to log in. What should I do in this case?
Please help me. The code is as follows:

My code for password hashing & salting is:

userloginform.java



userloginaction.java






userLogin.jsp



Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8867
    

Never ever Ever EVER do this:

If there's an exception in your code, you'll never know.
Sean Clark
Rancher

Joined: Jul 15, 2009
Posts: 377

Hey,

I believe that there are a number of problems that are contributing to this not working.
Firstly, I'm not sure you understand the reason why you are hashing and salting and how it works (well, your code suggests that). http://stackoverflow.com/questions/696629/how-does-hashing-and-salting-passwords-make-the-application-secure seems like a good explanation, especially the post by Visage about the 4th down.

These are the problems as I see them:
1) You are creating a new hash each time a user comes to login, however you should either be a) Using a system-wide salt where all users are given the same salt. b) Generating a random salt for each user and storing that in the database and using it when they attempt to log in. c) Using another property (such as username) as the salt.
As you can probably guess, b) would probably be the best.
So you should not have this: on your userLogin.jsp

2) In your checking code you have: You seem to be hashing and salting the password that you are retrieving from the database, but you should be hashing and salting the password that the user has entered and then comparing that to the password you have stored in the database (which should have already been hashed and salted - which is why you always need to use the same salt...).

Hope this helps.

Sean


I love this place!
 
 