I've tried searching my problem with no success...Can anyone help me fetch a password from the jpasswordField, encrypt it , store it to the database then decrypt back for login validation
Majestics 84
JamesCherrill 3,661
You need external Api for this...
No you don't. Its part of JDK 6.
Here's a decent introduction from Oracle themselves:
http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
A common approach is to make a MessageDigest of the password (eg using MD5) and store that in the database. When the user next enters his password you again take a MessageDigest and check that it matches the one in the database. That way there's no (sensible) way to "decrypt" the password, even if a bad guy gets hold of the database.
jwenting 1,649
Yup, you should never store plaintext passwords, and should never decrypt them.
Of course if your encryption mechanism doesn't guarantee an identical result for identical input (not sure if such exist, but it's I think possible) you're basically screwed, and will have to choose a different algorithm.
Many professional systems go further, delegating the entire authentication and authorisation to external services, just transmitting the credentials to that service and handling the response.
