This week's book giveaway is in the Java in General forum.
We're giving away four copies of Think Java: How to Think Like a Computer Scientist and have Allen B. Downey & Chris Mayfield on-line!
See this thread for details.
Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

case sensitive Login authentication

 
Poonam Dhatavkar
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i want to use admin as username & password. But my code is accepting the string as ADMIN/Admin/aDmin.. etc. How to restrict it ?



using this code i am getting error as :Invalid cursor position.
All working good for the if statement :

but it accepts string with uppercase & lowercase letters. :(

Can you guys help me regarding this..
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64824
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are getting an error, it's not likely executing your comparison code at all. Fix the error, and institute proper exception handing in your application by declaring an error handler in your deployment descriptor.
 
Poonam Dhatavkar
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault, can you tell me whether i have written the if statement correctly or not ?
Among all those commented statements, which one should i prefer ?

i have written the code in try catch block..its saying, java.sql.SQLException: Invalid cursor position


java.sql.SQLException: Invalid cursor position
at com.sun.rowset.CachedRowSetImpl.checkCursor(CachedRowSetImpl.java:1611)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:1697)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:2482)
at controller.LoginController.doPost(LoginController.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
 
Poonam Dhatavkar
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for quick reply Bear Bibeault :)
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64824
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
equals() will perform a case-sensitive comparison.

Until the error is fixed, however, it won't be executed.

And as I said, don't try/catch locally; establish a central error handler via the deployment descriptor that will handle exceptions in a consistent manner across the application.
 
Poonam Dhatavkar
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ohh ok.. Thanks for suggesion Bear Bibeault.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64824
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would also suggest that you consider using something more secure if this isn't just practice code. You can use the built-in security system, or something like Shiro.

At minimum, you should not be storing passwords in clear text in the database.
 
Poonam Dhatavkar
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
its not a practice code Bear Bibeault, but i am supposed to use database tables only. :-|
But thanks for the information. :-)
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64824
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Who said not to use the database? But you should, at minimum, be hashing the passwords for security. Ideally, you'd use a security package that already has the bugs worked out.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You must use a one-way hash or hmac on the password that you store in your database. Its simply unacceptable to store passwords in the clear in a database.
 
Poonam Dhatavkar
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Pat Farrell and Bear Bibeault.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic