Allowing user to change md5 password when logged into system

 
Greenhorn
Posts: 19
So not too long ago someone had given me an example of using MD5-hashed strings for a mock security system (yes, I know MD5 is not secure, but it is a good place to start to learn), and I have been wondering how the user can possibly change the password once logged into the system. In order to get the hashes used for strings I use this method:



and the hash that returns gets put in this line:


Now here is the thing which confuses me: if I want the user to be able to change the password when they log in, the hash needs to be interchangeable, and that 1234 when using echo also can't be set numbers if I want the user to be able to change it. I am confused about how to do this because if I set the hash to be interchangeable so the user can change it to whatever they wish, there is no starting password. The user upon running the program would then have to create a password before doing anything, which isn't what I want. How can I allow the user to change the password while logged in? Here is the code for reference (example code):

 
Sheriff
Posts: 17734
You shouldn't hard code the MD5 value in your code like you're doing on line 18. As I mentioned in another thread, you should keep the "secret" in a variable that's either a class variable or an instance variable. In this case, it looks like a class variable is appropriate.

For example:

At some appropriate point in your program, you'd call the changePIN() method and you can do this even when the user is logged in.
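
One way to do what this reply describes, as an added example that is not the code originally posted in the thread: the hash lives in a class variable whose starting value is the MD5 of a default PIN, and changePIN() replaces it. The class name PinStore, the verify() helper and the default PIN 1234 are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class PinStore {
    // Starting secret: MD5 of the assumed default PIN "1234", computed when the
    // class loads instead of pasted in as a literal. It is a variable, so it can
    // be replaced while the program runs.
    private static byte[] pinHash = md5("1234");

    static byte[] md5(String text) {
        try {
            return MessageDigest.getInstance("MD5")
                                .digest(text.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    // MessageDigest.isEqual compares the two digests in constant time.
    static boolean verify(String pin) {
        return pin != null && MessageDigest.isEqual(pinHash, md5(pin));
    }

    // Ask for the current PIN again even though the user is logged in, so an
    // unattended session cannot be used to set a new PIN.
    static boolean changePIN(String currentPin, String newPin) {
        if (!verify(currentPin) || newPin == null || newPin.isEmpty()) {
            return false;
        }
        pinHash = md5(newPin);
        return true;
    }

    public static void main(String[] args) {
        System.out.println(verify("1234"));            // log in with the starting PIN
        System.out.println(changePIN("0000", "9876")); // attempt with a wrong current PIN
        System.out.println(changePIN("1234", "9876")); // attempt with the right current PIN
        System.out.println(verify("1234"));            // try the old PIN again
        System.out.println(verify("9876"));            // try the new PIN
    }
}
```

The new hash exists only in memory here, so it is lost on restart; keeping it across runs means writing it to a file or database.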
 
Junilu Lacar
Sheriff
Posts: 17734
Note that having all static methods is probably not the best thing in this type of program but if you haven't touched on object-orientation yet, that's fine for now.
 
Junilu Lacar
Sheriff
Posts: 17734
If you want to learn about more secure hash algorithms, check this out: http://www.baeldung.com/sha-256-hashing-java
 
Bartender
Posts: 10964
Again, this is meant as an *example*. You will have to customize it for your particular application and replace PersistentStorage with some managed database or file.

 
Junilu Lacar
Sheriff
Posts: 17734
I think you've reached a point where this program is big enough that it requires some attention to design details. All the code examples you've been given in this thread, including the one I gave, are far from ideal. They are examples, yes, but frankly, they are poor examples and I think it's a bit of a disservice to you to just leave you to figure that out for yourself.

You really need to step back and think about organizing different responsibilities and assigning them appropriately to classes or objects. This goes beyond just providing some kind of authentication functionality using hashes and PINs. Guiding you down that path would be quite a journey though, I think, but I just wanted to point this out before you go any further. The last thing I'd want to see is you "learning" a lot of bad habits and saying that's what the folks at CodeRanch taught you.
 
Junilu Lacar
Sheriff
Posts: 17734
Let me try to explain what I meant before...

Take this code:

A main entry point in a class named pin is not that great. Besides the inconsistency with Java naming conventions for class names, it really doesn't fit the intent of the code inside of it.  Getting names right and putting code in right-named classes helps create context and helps you organize your thoughts around the problem.  What this code tells me is that you're very focused on the PIN, which is a small detail when taken in the larger scheme of things that this program could conceivably be about.  Is this supposed to be a banking app? Then why not name the main program something that communicates that better?  Is login really the main focus of this program? Why make it the central idea in the main() method then?

One strong tendency that many programmers have is to dig right into the details of a problem. Try to resist that urge. Get an idea of the big picture first. Create some high-level context around your problem. Think about what are the major parts of the program you want to write. Plan, organize, and write tests as a way to visualize the end state. Then go into the nitty-gritty details of the implementation.
 
Martin McNicholas
Greenhorn
Posts: 19

Junilu Lacar wrote: I think you've reached a point where this program is big enough that it requires some attention to design details. All the code examples you've been given in this thread, including the one I gave, are far from ideal. They are examples, yes, but frankly, they are poor examples and I think it's a bit of a disservice to you to just leave you to figure that out for yourself.

You really need to step back and think about organizing different responsibilities and assigning them appropriately to classes or objects. This goes beyond just providing some kind of authentication functionality using hashes and PINs. Guiding you down that path would be quite a journey though, I think, but I just wanted to point this out before you go any further. The last thing I'd want to see is you "learning" a lot of bad habits and saying that's what the folks at CodeRanch taught you.



I will take a look at this and ask if I have any questions, and yes, maybe they are bad examples, but a bit good for me starting anywhere. Once I understood simple string comparison and checking, I did want to look into such things as hashing, and even though I will not use MD5 in the long run, it is OK for learning. The fact that doing it this way also just more than doubled the lines of code for the beginning example is also not such a great thing, as this is just the beginning of the system I am trying to create with alarms and much more, and having over 200 lines just for a login is just too much of a hassle on so many levels.
 
Martin McNicholas
Greenhorn
Posts: 19

Carey Brown wrote:Again, this is meant as an *example*. You will have to customize it for your particular application and replace PersistentStorage with some managed database or file.



Thank you for the example and it might not be the best or even close to it but at least I have somewhere to start learning from now that I know how to compare basic strings and check if they are validated, etc.
 
Martin McNicholas
Greenhorn
Posts: 19

Junilu Lacar wrote:Let me try to explain what I meant before...

Take this code:

A main entry point in a class named pin is not that great. Besides the inconsistency with Java naming conventions for class names, it really doesn't fit the intent of the code inside of it.  Getting names right and putting code in right-named classes helps create context and helps you organize your thoughts around the problem.  What this code tells me is that you're very focused on the PIN, which is a small detail when taken in the larger scheme of things that this program could conceivably be about.  Is this supposed to be a banking app? Then why not name the main program something that communicates that better?  Is login really the main focus of this program? Why make it the central idea in the main() method then?

One strong tendency that many programmers have is to dig right into the details of a problem. Try to resist that urge. Get an idea of the big picture first. Create some high-level context around your problem. Think about what are the major parts of the program you want to write. Plan, organize, and write tests as a way to visualize the end state. Then go into the nitty-gritty details of the implementation.



To this point I actually already have a program that is the alarm itself that on 1 will disarm and on 2 will arm. The program will be set up to call the login method which includes all of the stuff related to the pin. I have the very base done, my next focus is the pin and the login area. After this comes the sensors and the rest of my program.
 
Martin McNicholas
Greenhorn
Posts: 19
I would also like to ask what is the purpose of the random MD5 hash?
 
Carey Brown
Bartender
Posts: 10964

Martin McNicholas wrote:I would also like to ask what is the purpose of the random MD5 hash?


Well, you need a hash to represent a pin that has been reset, that is, the next time an attempt is made to log in, ask for a new pin. There are a couple of ways of doing this. You could have: userName, pinHash, isReset as fields in a User class (may have been a more straightforward way to do it). I went a different way and have a pinHash that is unique and can't be arrived at by any way of entering a valid pin. I called this NULL_MD5. The reason for "random" is that it should appear scrambled if anyone goes poking around. This "random" code only needs to be run once at the start of development and then cut-n-pasted into NULL_MD5. Once this step has been done you should never modify NULL_MD5 again, so the code is superfluous.
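
The sentinel idea from this reply, as an added example that is not the code posted in the thread: a random value the size of an MD5 digest is generated once, checked against the hash of every PIN a user could enter, and then treated at login as "PIN was reset". It assumes PINs are four decimal digits and Java 17 or later (for HexFormat); the names ResetSentinelDemo, newSentinel, login and LoginResult are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HexFormat;

public class ResetSentinelDemo {
    static String md5Hex(String text) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(text.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // One-time step: draw 16 random bytes (the size of an MD5 digest) and redraw
    // if the value equals the hash of any four-digit PIN (assumed PIN format).
    static String newSentinel() throws NoSuchAlgorithmException {
        SecureRandom rng = new SecureRandom();
        while (true) {
            byte[] raw = new byte[16];
            rng.nextBytes(raw);
            String candidate = HexFormat.of().formatHex(raw);
            boolean collides = false;
            for (int pin = 0; pin <= 9999 && !collides; pin++) {
                collides = candidate.equals(md5Hex(String.format("%04d", pin)));
            }
            if (!collides) return candidate;
        }
    }

    enum LoginResult { OK, WRONG_PIN, MUST_SET_NEW_PIN }

    // The sentinel is checked before any comparison, so a reset account never
    // accepts an entered PIN; the caller has to prompt for a new one instead.
    static LoginResult login(String storedHash, String sentinel, String enteredPin)
            throws NoSuchAlgorithmException {
        if (storedHash.equals(sentinel)) return LoginResult.MUST_SET_NEW_PIN;
        return storedHash.equals(md5Hex(enteredPin)) ? LoginResult.OK : LoginResult.WRONG_PIN;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String nullMd5 = newSentinel();  // generated once, then pasted in as a constant
        System.out.println(login(nullMd5, nullMd5, "1234"));  // account in the reset state
        String stored = md5Hex("1234");  // constructed sample: the user has chosen a PIN
        System.out.println(login(stored, nullMd5, "1234"));   // matching PIN entered
        System.out.println(login(stored, nullMd5, "0000"));   // non-matching PIN entered
    }
}
```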
 