Hello.
I want to do some simple login system. i'm using
servlets,
jsp and hibernate (for communicating the password). So I have a form in my jsp page, which contains "password" field. After submiting the form, all validations are made and then all of the fields go to the servlet.
And here are my questions:
1. Password go to the servlet as raw text right ? So i should make an encryption on client side (using javascript?) ?
2. Let's say that I want to send the password to the servlet as raw text, and encrypt it in the servlet. Are there any libraries or jstl to make that? Or I have to write the script by myself ?
3. If I will have an encrypted password, and my servlet will save it in DB, when the user will try to log in, and will type the login name and password in the form, before checking it in the database - I have to encrypt it with the same script right ?
4. If user will forgot the password, should I have second script for decrypting password or should I send to the user some-how generated link to change the password ?
I think it's all for now. Thank you for reading