Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 3 of 3

Thread: Java password encryption

  1. #1
    Junior Member
    Join Date
    Dec 2010
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Java password encryption

    Hi,
    So i have made an application which connects/logs into the root of the mysql server then loads the different databases/tables etc. But as it works, the user puts the username/password into the textfield, then it takes the user/pass and sends to the server to login.

                 Class.forName("com.mysql.jdbc.Driver");
                 String url = addressTextField.getText();//"jdbc:mysql://localhost:3306/mysql";
                 String userName = connInstance.getLoginDetails(loginTextField);
                 String passWord = connInstance.getLoginDetails(passWordTextField);
                 con = DriverManager.getConnection(url,userName, passWord);
                 stmt = con.createStatement();

    The getLoginDetails() method just grabs the input from the textfields. Now it all works fine, though i am wondering about what encryption should be used for the password and how i would go about it?
    I could have a database with all usernames/MD5 digests, then when the user tries to log in, it creates an MD5 digest of the password and compares to the one in the database to see if its the correct password, though i am unsure as to how i would then login to the server as even though it has been confirmed that its the right password, the password itself still has to be sent to login. Im kind of new to this and not sure how i go about secure logins. Any help would be appreciated,
    thanks.


  2. #2
    Administrator copeg's Avatar
    Join Date
    Oct 2009
    Location
    US
    Posts
    5,332
    Thanks
    181
    Thanked 829 Times in 772 Posts
    Blog Entries
    5

    Default Re: Java password encryption

    It sounds like you want each user to have a specified username/password for the database? You might consider a model which requires just a few username/password pairs for database access, each of which defines different select/update/delete access to the database tables. So rather than having a username/password defined for database login for each user, you define access right groups, which users are members of. From there, you could have a table which contains the username, MD5 password, and access right...which can be queried for each user to determine the access rights and login to the database with the username/password corresponding to those rights.

  3. #3
    Junior Member
    Join Date
    Dec 2010
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: Java password encryption

    Quote Originally Posted by copeg View Post
    It sounds like you want each user to have a specified username/password for the database? You might consider a model which requires just a few username/password pairs for database access, each of which defines different select/update/delete access to the database tables. So rather than having a username/password defined for database login for each user, you define access right groups, which users are members of. From there, you could have a table which contains the username, MD5 password, and access right...which can be queried for each user to determine the access rights and login to the database with the username/password corresponding to those rights.
    Ill explain a bit better. I have the mysql community server vs 5.1.51 running on my desktop pc at home. If im at university or somewhere else other than home i want this program to be able to connect to it, which it can. I log in as the root user as im the only one so i have all permissions etc. I just want to no how to 'securely' login i guess.

    try
    {
         Class.forName("com.mysql.jdbc.Driver");
         String url = addressTextField.getText();
         String userName = getLoginDetails(loginTextField);//gets username
         String passWord = getLoginDetails(passWordTextField);//gets pass
         con = DriverManager.getConnection(url,userName, passWord);
         stmt = con.createStatement();
         conInfoTextArea.setText("URL: " + url + "\n" + "Connection: " + con);
    }
     
    public String getLoginDetails(JTextField tf)
    {
            return logindets = tf.getText();//string that holds login dets which is user/pass
    }
    Now that code there is just sending the username, and password to the url, which is the mysql server. How can i do this safely with encryption or some other method? or is that fine and secure as it is?
    Last edited by jmorr212; January 29th, 2011 at 01:54 AM.

Similar Threads

  1. password.java
    By nickpuma19 in forum Object Oriented Programming
    Replies: 5
    Last Post: November 11th, 2010, 12:29 AM
  2. Basic Java Encryption
    By BronxBomber in forum What's Wrong With My Code?
    Replies: 1
    Last Post: April 9th, 2010, 10:50 PM
  3. [SOLVED] Password screens
    By Dave in forum AWT / Java Swing
    Replies: 7
    Last Post: August 26th, 2009, 06:37 AM
  4. password
    By 5723 in forum Algorithms & Recursion
    Replies: 9
    Last Post: July 9th, 2009, 05:26 AM
  5. [SOLVED] java password
    By pwngrammer in forum File I/O & Other I/O Streams
    Replies: 6
    Last Post: June 15th, 2009, 09:49 AM