Ulf wrote: What are you trying to guard against? Is the password transferred at all from the client to the server in a secure form? What do you have so far, and what difficulty are you facing implementing this? Generally, passwords are not stored *encrypted*, they're stored *hashed* (or *digested*) using an algorithm like SHA-2. That way, nobody can retrieve them.
My comments:
1> The password text field in the form is of type "password", but while storing in the database it should be "hashed" or "digested" as you have told. Sorry, I thought passwords are stored in encrypted format in the database. Thanks for correcting me... So how can I use this algorithm called SHA-2, and while authenticating the user with correct credentials it should login successfully? Is it possible to achieve this using the SHA-2 algorithm which you are mentioning? Could you provide me some links where the SHA-2 algorithm is used in Java?
2> I need a Forgot Password link also to be implemented, so that when the end user enters the appropriate email id, the password which is in "hashed" format in the database should be "de-hashed (decrypted)" appropriately and should be mailed to the end user's email address. Can I implement this in Java? Please guide me, Ulf.
Thanks for replying so soon...
Sorry if I have mistaken/confused the "hashed"/"encrypted" terminologies...
Regards,
Deepak Lal