Khangharoth

May 15, 2007

Encryption of Password in Java

Filed under: Java — khangharoth @ 4:31 am

If you are developing a web application and managing user sessions on the basis of the user's password, the traditional way of storing the password as-is in a DB table is not very elegant. Anybody who has access to the DB can get those passwords. This problem is more acute than it seems, as most users keep the same login ID and password.

So in the era of outsourcing and remotely managed servers, with the traditional method of storing passwords you can never be sure who is peeking into the user information.

One very simple solution is to encrypt or, in technical terms, to generate a hash key corresponding to the password the user entered and store this in the database. When the user logs in again, take the entered value, convert it into a hash key and compare it with the value in the DB for authentication.

This is a very simple yet powerful way; if your application demands more security, then you should probably look at Jasypt.

PasswordService.txt
