File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Protecting Credentials from mobile application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Protecting Credentials from mobile application" Watch "Protecting Credentials from mobile application" New topic
Author

Protecting Credentials from mobile application

prashanthNair
Greenhorn

Joined: May 13, 2004
Posts: 18
Hi,

We have a Service oriented middle layer servlet which would respond to the requests from a mobile device. The Servlet will handle the business logic and will return a view object like json or xml to the device. We have a scenario where the user passes in his username & password for the initial login. Do you have a solution to encrypt this credentials when its read in the request parameter, so that the developer wont be able to see it or print it to the logs?

Thanks
Prashanth
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

If you're passing credentials, pass them over SSL channel.

If you're looking for more secured and _standard_ solution and do not want user to pass his/her credentials from mobile app, there is very famous protocol exist: OAuth 2 (http://oauth.net/) which is perfectly fit for such requirement.


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Protecting Credentials from mobile application