case sensitive Login authentication

Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
I want to use admin as username & password. But my code is accepting the string as ADMIN/Admin/aDmin, etc. How can I restrict it?



Using this code I am getting the error: Invalid cursor position.
All works well for the if statement:

But it accepts strings with uppercase & lowercase letters. :(

Can you guys help me with this?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60791
    

If you are getting an error, it's not likely executing your comparison code at all. Fix the error, and institute proper exception handling in your application by declaring an error handler in your deployment descriptor.


Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Bear Bibeault, can you tell me whether I have written the if statement correctly or not?
Among all those commented statements, which one should I prefer?

I have written the code in a try/catch block. It's saying: java.sql.SQLException: Invalid cursor position


java.sql.SQLException: Invalid cursor position
at com.sun.rowset.CachedRowSetImpl.checkCursor(CachedRowSetImpl.java:1611)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:1697)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:2482)
at controller.LoginController.doPost(LoginController.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Thank you for the quick reply, Bear Bibeault :)
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60791
    

equals() will perform a case-sensitive comparison.

Until the error is fixed, however, it won't be executed.

And as I said, don't try/catch locally; establish a central error handler via the deployment descriptor that will handle exceptions in a consistent manner across the application.
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Ohh, OK. Thanks for the suggestion, Bear Bibeault.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60791
    

I would also suggest that you consider using something more secure if this isn't just practice code. You can use the built-in security system, or something like Shiro.

At minimum, you should not be storing passwords in clear text in the database.
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
It's not practice code, Bear Bibeault, but I am supposed to use database tables only. :-|
But thanks for the information. :-)
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60791
    

Who said not to use the database? But you should, at minimum, be hashing the passwords for security. Ideally, you'd use a security package that already has the bugs worked out.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    

You must use a one-way hash or HMAC on the password that you store in your database. It's simply unacceptable to store passwords in the clear in a database.
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Thank you Pat Farrell and Bear Bibeault.
 