Login/logout in a Java application

 
Greenhorn
Hi, I wanted to code a good and secure login for my JavaFX application, but do not know where to start. Anyone who can give me some leads, examples and so on?

Best regards Tom
 
Bartender
  • Likes 1
What's wrong with the user just logging into the operating system's user session?
 
Ranch Hand
hmm, smells like "bad idea led to bad design" kinda ...

first: try to re-phrase what it means that a user has to log into your application
in most cases, it's either some CMS where the application is used to alter database records and the user account is only for 1) logging who has done what and 2) controlling who can do what
on the other hand - if you want to restrict access to your application by trying to "guard" it behind some sort of challenge-response (aka login aka user has to provide proof of knowledge) it's the wrong approach
third guess: you're developing some sort of forum/board/game/whatever that needs to identify a user - that way, your users authenticate against stored information used at registration - but not to gain access to your application but rather to the provided service - hence not logging into your application but rather into your service provided by your application

second: after you have cleared up what goal you want to approach - it's mostly not a question about how to achieve your set goal - but rather what pitfalls to avoid
rather drastic example: a simple "multi-user" game - worst approach: save username and password in clear - better: only save hashed values and create a challenge-response system where the user doesn't provide the data itself but rather proof of knowledge - pitfall: choosing a too-weak hash algo could open up the possibility that someone finds a hash collision and therefore is able to log in with something that is not the real secret but something resulting in the same hash - there are lots of services offering huge MD5 rainbow tables - you simply put in a hash in HEX and get something that would result in the given hash - or on really big services you get multiple responses all matching the hash

third: if you got stuck try to phrase your issue and we can try to provide help
 