• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Paul Clapham
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Roland Mueller
  • Piet Souris
Bartenders:

JSP/Oracle Authentication

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all, I've got a question about using JSP with Oracle that I'm hoping someone will be able to answer. Here's the situation:
I'm developing a number of small JSP applications on our secure server, and for authentication I'm going to be using the users table which already exists for another oracle application. The passwords stored in this table are encrypted.
My problem is that I'm uncertain if the password sent over by login.jsp, for example, will match the password in the database when the query is executed, since the password in the database in encrypted and the password sent in the query is not.
I've been unable to test it yet, as I don't currently have access to the production database (and won't for a couple of weeks), but I'm curious if anyone can give me an idea of whether this will work or not, or perhaps if I'll have to find a oracle package or PL/SQL stored procedure which will handle the authentication against the db for me.
Perhaps the package or procedure would be called from the jsp and accept the values from the form, perform the encryption and authentication of the un/pw and return a true/false value?
Can anyone give me an idea if what I mention in the last paragraph is on the right track or if I'm way off base? And if I am way off base, what direction should I be headed in?
Thanks in advance.
Pablo
 
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you're accessing the main user table in Oracle, then all you have to do is make a connection to the database. If it succeeds, it's a valid user, if not, do anything you want with them.
 
Pablo Gosse
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, unfortunately I'm pretty sure it's not the main user table in oracle. It's the user table for Banner, a huge application that piggy-backs Oracle.
The passwords in the table are encrypted, so I'm wondering if:
a) the passwords sent over by the jsp page will be encrypted when the table is queried, and
b) if they're not, what do I need to do to encrypt them (ie., call a stored procedure or existing package).
Thanks,
Pablo
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic