I've tried searching my problem with no success...Can anyone help me fetch a password from the jpasswordField, encrypt it , store it to the database then decrypt back for login validation
Recommended Answers
Jump to PostYou need external Api for this... try this http://www.jasypt.org/easy-usage.html
All 3 Replies
Majestics
84
Posting Pro
JamesCherrill
4,577
Most Valuable Poster
Moderator
Featured Poster
You need external Api for this...
No you don't. Its part of JDK 6.
Here's a decent introduction from Oracle themselves:
http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
A common approach is to make a MessageDigest of the password (eg using MD5) and store that in the database. When the user next enters his password you again take a MessageDigest and check that it matches the one in the database. That way there's no (sensible) way to "decrypt" the password, even if a bad guy gets hold of the database.
jwenting
1,839
duckman
Team Colleague
Yup, you should never store plaintext passwords, and should never decrypt them.
Of course if your encryption mechanism doesn't guarantee an identical result for identical input (not sure if such exist, but it's I think possible) you're basically screwed, and will have to choose a different algorithm.
Many professional systems go further, delegating the entire authentication and authorisation to external services, just transmitting the credentials to that service and handling the response.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.