
password hashing & salting in struts

 
Aditi agarwal
Ranch Hand
Posts: 225
Please can anyone give me an idea how to use password hashing & salting in Struts 1.x?

Please help me.

Thank you.
 
Joe Ess
Bartender
Posts: 9312
Struts is an implementation of a Front Controller pattern. It has nothing to do with how one handles passwords.
You probably either want to use MessageDigest to create a hash of the password or use something like container managed security to delegate that task to the server.
 
Aditi agarwal
Ranch Hand
Posts: 225
Thanks for your reply, Joe. Actually I cannot understand your reply, sorry for that, but I would like to tell you that I have used the Hashing & Salting method. The problem is I am using sessions; even after invalidating them my project stops working, due to the sessions problem only.
 
Joe Ess
Bartender
Posts: 9312
Aditi agarwal wrote: the problem is i am using sessions even after invalidating them my project stop working due to sessions problem only


You are going to have to give us some more details. What do you mean your project "stops working"? How do you know sessions are causing this? What does password hashing have to do with this problem?
 
Aditi agarwal
Ranch Hand
Posts: 225
After introducing this code my application does not even allow me to log in. What should I do in this case?
Please help me. The code is as follows:

my code for password hashing & salting is :-

userloginform.java



userloginaction.java






userLogin.jsp



 
Joe Ess
Bartender
Posts: 9312
Never ever Ever EVER do this:

If there's an exception in your code, you'll never know.
 
Sean Clark
Rancher
Posts: 377
Hey,

I believe that there are a number of problems that are contributing to this not working.
Firstly, I'm not sure you understand the reason why you are hashing and salting and how it works (well, your code suggests that). http://stackoverflow.com/questions/696629/how-does-hashing-and-salting-passwords-make-the-application-secure seems like a good explanation, especially the post by Visage, about the 4th down.

These are the problems as I see them:
1) You are creating a new hash each time a user comes to log in; however, you should be either a) using a system-wide salt where all users are given the same salt, b) generating a random salt for each user, storing that in the database and using it when they attempt to log in, or c) using another property (such as username) as the salt.
As you can probably guess, b) would probably be the best.
So you should not have this: on your userLogin.jsp

2) In your checking code you have: You seem to be hashing and salting the password that you are retrieving from the database, but you should be hashing and salting the password that the user has entered and then comparing that to the password you have stored in the database (which should have already been hashed and salted - which is why you always need to use the same salt...).

Hope this helps.

Sean
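
The flow from points 1 b) and 2 above, as an added example that is not code from this thread: the salt is generated once at registration and stored, and at login the entered password is hashed with the stored salt and compared with the stored hash. It uses the JDK's PBKDF2 instead of a single MessageDigest pass; the class and method names and the iteration count are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    // Assumed work factor for this sketch; tune it for your hardware.
    private static final int ITERATIONS = 210_000;

    /** One user's stored row: random salt plus derived hash, never the password. */
    static final class StoredCredential {
        final byte[] salt, hash;
        StoredCredential(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    // Slow salted hash (PBKDF2-HMAC-SHA256, 256-bit output). Exceptions propagate to the caller.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Registration / password change: generate the salt once and store it beside the hash.
    static StoredCredential register(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new StoredCredential(salt, derive(password, salt));
    }

    // Login: hash the ENTERED password with the STORED salt, compare in constant time.
    static boolean verify(char[] entered, StoredCredential stored) throws Exception {
        return MessageDigest.isEqual(derive(entered, stored.salt), stored.hash);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray(); // constructed sample password
        StoredCredential row = register(pw);       // stands in for the database row
        System.out.println("right password: " + verify(pw, row));
        System.out.println("wrong password: " + verify("guess".toCharArray(), row));
        // Problem 1 above: a fresh salt at login time yields a different hash.
        byte[] resalted = register(pw).hash;
        System.out.println("fresh salt at login: " + MessageDigest.isEqual(resalted, row.hash));
    }
}
```

In a Struts 1.x application, `verify` would be called from the login Action with the salt and hash loaded from the user's database row.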
 