A few friends from school and I are messing around with writing a chat server/client. We are writing it in Java, and now we are at the stage where we are trying to get people unique IDs and logging in. Just curious as to the best practices for handling user input like usernames and passwords as they are passed over the net. I don't want them showing up in plaintext in something like Wireshark if someone captures traffic on the network. I also don't want them being stored as plaintext on the server as well. Does Java have any utilities built in for helping out, and what should we read/research in order to provide a secure program and protect our users' data?
The easiest way would be not to store the password but a hash of the password. That way even if your packets are sniffed the person only sees garbage. When the user creates a password or logs in you can hash the password prior to sending it over the …