login Authentication

 
Ranch Hand
Posts: 58
Hi,
I am new to Java technology but I am an experienced client/server programmer. I am developing my first web application using the Struts framework. I need to know a very basic concept.
What is the best and secure way to submit a HTML form with login and password?
How to store password (probably in encrypted form) in database?
What is the best and secured way to validate the login and password?
It may sound stupid, but keep in mind that I am new to web applications. Please do help me.
Thanks in advance.
vivek
 
Sheriff
Posts: 3341
vsaxena
JavaRanch has a Naming Policy. Please read it and change your display name to follow this requirement.
 
Vivek Saxena
Ranch Hand
Posts: 58
HI,
Sorry for incorrect display name.
Please do help me to resolve my problem.
Thanks
 
Greenhorn
Posts: 10
I think the safest way to submit a login form with username and password is to use SSL.
You can see this on the websites of online banks.
You can choose some kind of encryption algo, with a secure key and store the password as encrypted text in database, just like any other plain-text field.
When the user submits the username and password, you can match it with a simple condition, say for example,
    if ( db_username = form_username &&
         db_password = encrypt(form_password) )
    then
        login success;
This is just an outline and you can improvise it to any level according to your application needs.
Hope this helps.
-meera
 
Sheriff
Posts: 67754
I'd highly recommend using both SSL and one-way encryption to store the password value.
By using one-way encryption you ensure that even if someone gains access to the database, the passwords are still secure. But that doesn't help much if passwords are transmitted from the client to the server as clear text -- that's where SSL comes in.
hth,
bear
[ April 24, 2002: Message edited by: Bear Bibeault ]
 
Vivek Saxena
Ranch Hand
Posts: 58
HI,
I really appreciate both of you. Could you please give me some sort of direction where to look or some sort of example? That would be great for me.
Any other help would be appreciated.
thanks
 
Carl Trusiak
Sheriff
Posts: 3341

Originally posted by vivek_saxena:
HI,
Sorry for incorrect display name.
Please do help me to resolve my problem.
Thanks


Simple, just go to here and change it!
 
Vivek Saxena
Ranch Hand
Posts: 58
Carl,
I had already corrected my name. I need help to resolve my problem in Java.
Please someone help me.
Thanks
 
Ranch Hand
Posts: 36
Here's a good resource if you want to understand how security works in Servlets and JSPs.
Go to informit.com
then do a search for "Advanced JavaServer Pages Security" from the site Search (on the upper left side of the window).
This is a chapter from a book by David Geary.
This site has a lot of very good resources...
Daryl
 
Ranch Hand
Posts: 349
Dear vivek
If you want to control your login validation through SSL, then you can send me an email at [email protected], and I will send back to you the example source code of a login client/server application which connects using the SSLSocket classes described in Advanced Java How to Program by Deitel and Deitel.
Or, you can simply go to their site and download the source code for Advanced Java™ 2 Platform How to Program.
Client/Server Login Authentication is described in their chp07 directory: http://www.deitel.com/books/downloads.html
Hope it suffices your requirement.
Kind regards
Rashid Ali
[ April 29, 2002: Message edited by: Rashid Ali ]
 