• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

failing to get login right from servlet and midlet

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi every one! I am failing to get login right. The code i have below is to input username and password from a midlet, send it to a servlet using post method, check the user name and password in the servlet with a mysql database and then send response to the midlet to either cahange to another displayable or to try again. the problem i get is that either my servlet code for checking username and password isn't correct and also maybe the servlet response is not sent to the midlet. I even think my method for sending response to the midlet is wrong but don't know a better way to do it. some one help please.
midlet code:


servlet code
 
author
Posts: 3285
13
Mac OS X Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Kenneth and welcome to Javaranch, what error message are you getting?
 
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While I don't know what's going on, I see three security problems with the code:

1) Since the server doesn't sanitize the DB inputs, it's vulnerable to SQL injection attacks; you really should be using a PreparedStatement.

2) Don't send login information via GET; use POST instead. Using GET the password is stored in numerous places (like caches, access and log files, etc.) that really have no business recording such information.

3) Also, it seems that passwords are stored in the DB as plain text - another no-no. Stored passwords should be hashed (using an algorithm like SHA-2) so that they can't be retrieved.
 
Kenneth Owino
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi. thanks for the reply. there are no error messages i receive but the program fails to display an output as required. i tested it and found that the response from the servlet is not null but it seems it is in a format that cannot be understood by the midlet. could you please check my method of sending response and maybe the way the midlet handles the response and give me a correction or better code. i think my problem is around there but i cannot figure out what to do
 
reply
    Bookmark Topic Watch Topic
  • New Topic