I've tried searching my problem with no success...Can anyone help me fetch a password from the jpasswordField, encrypt it , store it to the database then decrypt back for login validation

Recommended Answers

You need external Api for this... try this http://www.jasypt.org/easy-usage.html

Jump to Post

All 3 Replies

You need external Api for this...

No you don't. Its part of JDK 6.
Here's a decent introduction from Oracle themselves:

A common approach is to make a MessageDigest of the password (eg using MD5) and store that in the database. When the user next enters his password you again take a MessageDigest and check that it matches the one in the database. That way there's no (sensible) way to "decrypt" the password, even if a bad guy gets hold of the database.

Yup, you should never store plaintext passwords, and should never decrypt them.
Of course if your encryption mechanism doesn't guarantee an identical result for identical input (not sure if such exist, but it's I think possible) you're basically screwed, and will have to choose a different algorithm.

Many professional systems go further, delegating the entire authentication and authorisation to external services, just transmitting the credentials to that service and handling the response.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.21 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.