• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Encryption in XML

 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am using a XML file for login name and password validation. I want to encrypt it, so that no body should be able to see the password fields. I want to use JSP. Please help me in detail.

 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Java has some nice encryption and digital signature classes.
Look in the java.security package
I suppose you could apply the MD5 message digest algorithm to the supplied password and store that. I was fiddling with this recently.
static String md5sum(byte[] intext){
StringBuffer sb = new StringBuffer();
try {
// get Instance from Java Security Classes
MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] md5rslt = md5.digest( intext );
for( int i = 0 ; i < md5rslt.length ; i++ ){
sb.append(Integer.toHexString( (0xff & md5rslt[i])));
}
} catch(NoSuchAlgorithmException ex) {
System.err.println(ex);
return null ;
}
return sb.toString() ;
}
Bill
 
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, that is the only way I know of.
Encrypt the password before storing it, then encrypt the password entered in the authentication request before doing a simple string comparison.
It works well, except that there is no way to ever recover someone's password if he/she looses it. You'll have to create a random password generator to resend lost passwords.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic