A few friends from school and I are messing around with writing a chat server/client. We are writing it in java, and now we are at the stage where we are trying to get people unique ids and logging in. Just curious as to the best practices for handling user input like usernames and passwords as they are passed over the net. I don't want them showing up in plaintext in something like wireshark if someone captures traffc on the network. I also don't want them being stored as plaintext on the server as well. Does java have any utility's built in for helping out and what should we read/research in order to provide a secure program and protect our users data?

6 Years
Discussion Span
Last Post by stevanity

The easiest way would not be not to store the password but a hash of the password. That way even if your packets are sniffed the person only sees garbage. When the user creates a password or logs in you can hash the password prior to sending it over the the network. The on the server side you can compare the send hash to the hash you have stored for the user in your database. Just Google hashing with salt to see examples.

Votes + Comments

Also dont use String objects to store sensitive data. Use a character array for it when you want to process it or compare them, and they safely fill the char array with some garbage data after use.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.