If I store password data from JSP to the database, how to hide it from others seeing

 
Ranch Hand
Posts: 184
If I store password data from a JSP to the database, how do I hide it from others seeing the password in the database? I.e. viewing my table, they should not be able to look at my password.
Should it be encrypted, or is there any method for this?
Well, I am sure you guys have understood this question.
This was asked to me in an interview.
 
Rancher
Posts: 13459
If you need to store passwords in the database and they are only required for authentication, then you can use a one-way function, also called a hash function, to protect the passwords.
A one-way function is a function that is easy to compute in one direction, but the inverse is difficult or impossible to compute, i.e. it is difficult to find the input value given the output value.
The user passes your application a password and asks you to save it. You send the password through the hash function and get the mangled value back and store this in the database.
When they log in, you get the password they send, mangle it again, and compare that the two mangled versions of the passwords are the same. At no point do you give anyone access to the real (unhashed) password. It is also very difficult to find the original password given the hashed value.
MD5 is an example of a one-way hash function used in cryptography.
I'm looking for an intro page, but I'm having trouble finding one I like...
Dave
 
David O'Meara
Rancher
Posts: 13459
There is an intro page here: http://www.15seconds.com/issue/000217.htm
Be aware that the sample code is for ASP not JSP. It looks close but is not quite what you are looking for.
Dave
 
senthil sen
Ranch Hand
Posts: 184
Thanks for your reply, Dave. I will work on this. If you get any other information about this concept, kindly forward it.
 
Greenhorn
Posts: 2
Depending on which DB you use, many support one-way hashing in the insert statement. MySQL is a good example.
Nealle
 
senthil sen
Ranch Hand
Posts: 184
Hi,
Well, if we use a hashtable and enter data into the database, how do we retrieve it from there? Is there any method for this?
 
Ranch Hand
Posts: 125
Well, yes.
Just do a SELECT
But, to provide a more useful answer, the idea is to do something like this:
Suppose you have a function encrypt(String input), which creates an encrypted String for you.
Example:

Suppose the encryptedPassword is something like %@SF&HGEB&*)$M#*SND*@)! now, and that it's impossible to decrypt it. We save this String to the database in the 'saveToDatabase' method, and we are done.

Then, when a user tries to log in, use something like this:
Example

What we do here is to get the encrypted password from the database. Then, we get the password the user typed in (from a form, or Swing, or something else). As we cannot decrypt it, we encrypt it and compare the encrypted input password against the encrypted password in the database. If the two encrypted passwords are the same, it is the same password, thus providing the user access to the system.

I hope this clears up any question you have, if it doesn't, let me/us know!
Erik Pragt
 