
Protecting Credentials from mobile application

Prashanth Nair

Joined: May 13, 2004
Posts: 21

We have a service-oriented middle-layer servlet which responds to requests from a mobile device. The servlet will handle the business logic and will return a view object such as JSON or XML to the device. We have a scenario where the user passes in his username and password for the initial login. Do you have a solution to encrypt these credentials when they are read from the request parameter, so that the developer won't be able to see them or print them to the logs?

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2904

If you're passing credentials, pass them over an SSL channel.

If you're looking for a more secure and _standard_ solution and do not want the user to pass his/her credentials from the mobile app, there is a very famous protocol: OAuth 2 (http://oauth.net/), which is a perfect fit for such a requirement.

[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
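An added example, not part of either post: a servlet filter that enforces the SSL-only advice above on the login request and writes a log line in which the credential parameters are masked. The class name `CredentialGuardFilter` and the parameter names `username` and `password` are assumptions, not taken from the thread.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter; map it to the login URL in web.xml.
public class CredentialGuardFilter implements Filter {
    private static final Logger LOG =
            Logger.getLogger(CredentialGuardFilter.class.getName());
    // Assumed parameter names; adjust to what the mobile client sends.
    private static final Set<String> SENSITIVE =
            new HashSet<String>(Arrays.asList("username", "password"));

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Refuse credentials that did not arrive over SSL/TLS.
        if (!request.isSecure()) {
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // Log the request shape only; credential values never reach the log.
        LOG.info(request.getMethod() + " " + request.getRequestURI()
                + " params=" + redact(request.getParameterMap()));
        chain.doFilter(req, res);
    }

    // Returns a log-safe rendering: sensitive values are replaced by a mask.
    static String redact(Map<String, String[]> params) {
        StringBuilder sb = new StringBuilder("{");
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (sb.length() > 1) sb.append(", ");
            boolean hide = SENSITIVE.contains(e.getKey().toLowerCase());
            sb.append(e.getKey()).append('=')
              .append(hide ? "***" : Arrays.toString(e.getValue()));
        }
        return sb.append('}').toString();
    }
}
```

Masking only covers log lines built through `redact`; code that handles the request can still read the parameter directly. If SSL is terminated at a load balancer, `isSecure()` describes the hop into the container, so the container has to be configured to trust the proxy's forwarded scheme.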