Needed a small logic regarding logging into an application with out database.

Hi everybody, I am chaitanya, I am developing an application using Swing. There is a login screen where the user has to enter his user id and password. I am not using any database to store the user id and password. So I need a logic to store my user id and password and the user can change it if he wish. I know I can do this with files. But the information is not secure and the file can be deleted at any time. How to do this. I thought to hard code the user id and password in the application itself. But in this way I cannot change the user id and password.

Can anybody please help me. Thank you all in advance.

And I don't know whether I can ask this question at Java Ranch or not. So please excuse me if I am doing the wrong thing.

anusha chaitanya wrote: I know I can do this with files. But the information is not secure and the file can be deleted at any time. How to do this.

Don't store the password. Instead, store a hash of the password. google "java md5" or "java sha1" for examples on how to do this.

To check the password, you'll need to challenge the user for the password (as previous), but instead of checking the password, you will have to take a hash of the just challenged password, and check if the two hashes match. It is not possible to get the password from the hash, so checking the passwords directly is not possible, but that is what makes it secure.


As for protection against deletion, aren't your program files that can also be deleted too?

Henry

Thank you Henry, I will make a google search, understand how to do this and reach you if I get any doubts further. Thanks a lot.