I've tried searching for my problem with no success... Can anyone help me fetch a password from the JPasswordField, encrypt it, store it in the database, then decrypt it back for login validation?

You need an external API for this...

No, you don't. It's part of JDK 6.
Here's a decent introduction from Oracle themselves:
http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html

A common approach is to make a MessageDigest of the password (e.g. using MD5) and store that in the database. When the user next enters his password, you again take a MessageDigest and check that it matches the one in the database. That way there's no (sensible) way to "decrypt" the password, even if a bad guy gets hold of the database.

Yup, you should never store plaintext passwords, and should never decrypt them.
Of course, if your encryption mechanism doesn't guarantee an identical result for identical input (not sure if such exist, but I think it's possible) you're basically screwed, and will have to choose a different algorithm.

Many professional systems go further, delegating the entire authentication and authorisation to external services, just transmitting the credentials to that service and handling the response.
