
Carey Brown

Bartender
since Nov 19, 2001

Recent posts by Carey Brown

Again, this is meant as an *example*. You will have to customize it for your particular application and replace PersistentStorage with some managed database or file.

4 hours ago
I'm afraid you've posted on a "Java" forum. What you posted is "JavaScript", not "Java" (aside from the annoying name similarities).
To post your code just cut-n-paste the code. Then drag the cursor over the code so that it is highlighted. Then click on the 'Code' button just above the edit window. To see if it worked click on the 'Preview' button below the edit window. The code should appear in the preview window with line numbers.
The arrow points to "Card". Are you compiling your Card.java program as well? Is it in the same package?
1 day ago
When you post error messages, also use Code tags to get the correct character spacing.
This is saying it can't find your class named "Card". Seeing as how you have an almost identical use on line 139 (which I presume is NOT giving you an error) I'm going to guess that you may have an unprintable character in that line. I suggest deleting 149 and re-typing it.

Ah. Forget that. It looks like you need to declare "leastDesireableCard" as static.

You will get people grumbling about 'static' being used in this manner as a band-aid for not having an object oriented approach. The general rule is that main() should have very few lines of code in it and should primarily be used as a place to create an instance of your class.
2 days ago
Which is line 149?
Please re-post your code and this time use the Code tags. To achieve this, first highlight your entire block of code by dragging the mouse. Then click on the 'Code' button just above the editing window. Then click the 'Preview' button below the editing window; this will show you if it worked. If it worked then the code should appear with line numbers.
2 days ago
Seems good to me. I have a few suggestions though:
  • Clean up your indentation.
  • Don't use 'l' (lower case 'L') for a variable, it's too easy to mistake for a one.
  • Use descriptive variable names.
  • Use the '+=' operator instead of A=A+B.
  • Use underscores (_) in long numeric constants to make them more readable.
2 days ago
    The "..." means you need to put something there. This would be the code in main() that you'd like to execute if the login is successful.
    5 days ago
    Some Java bit twiddling. Each input byte results in two ASCII characters '0' through 'F'.
    5 days ago

    Martin McNicholas wrote: As two last notes there are two things I would like to ask. The first is I am assuming the login class is left black on purpose correct?

    I don't follow this.
    5 days ago
    What format are your Strings 'a' and 'b' in?
    5 days ago
    If you want to see if a user entered a pin of 6357 you'd have to compare it with something: a hard coded string in the software, a string in a text file, a string in a serialized file, or even a field in a database. ALL of these are vulnerable to hacking efforts or easily obtained by a system administrator. This is especially insidious if a person happens to use a number that is easy for them to remember for logging in to multiple accounts.

    So if you can't store the string 6357, then what do you store?

    You want a set of bytes that has a strong relationship to the entered pin (or password), and then store that set of bytes using one of the approaches listed above. Now if someone hacks the storage they only find a meaningless sequence of bytes which does not give them enough info to reverse engineer the pin. The result is that they won't know the pin to use in order to log in to the system.

    One approach to getting a string of encoded bytes for a pin is to use a hash function. There are several available. Java comes with an API to generate hashes. One of the easier ones to connect to is the MD5 hash. You take your pin string and pass it to the MD5 methods and it returns an array of 16 seemingly random bytes. For convenience's sake, this is often converted to a 32 character hex string for storage and comparison. Note that a hash is not 1 for 1 unique to a pin. That is, multiple pins may hash to the same 16 bytes. This is so rare that it doesn't impact the security because, again, you can't use the hash to reverse engineer the pin.

    So, you now have a stored hash instead of a stored pin. Now, how do you verify a pin during log in? It is pretty straightforward. You prompt the user to enter a pin, you hash that pin to come up with the hash value, and then compare that hash value to the one previously stored. If it matches, they've successfully logged in. At no time is the plain text pin sent across the network, or internet, or written to a hard drive.

    That's pretty much it in a nutshell.
    5 days ago
    Please avoid quoting a previous post unless it is pertinent to your reply. If you were responding to an older post, for example, quoting the post might make it clearer as to what you are responding to. Otherwise, quoting just adds bulk with no new information.
    5 days ago
    You could have a Login class like this. Note I've used the MD5 validation previously mentioned for security. You might just do a string comparison with "6357", but it is not as secure.


    5 days ago
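The store-a-hash, re-hash-and-compare login flow described in the two posts above, as an added example that is not code from the original posts. It uses a per-user random salt and PBKDF2 in place of a single MD5 pass, because a short pin has few possible values; the class name `PinHasher`, its method names, the record layout and the iteration count are assumptions, and `HexFormat` needs Java 17 or later.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;

// Added example: PinHasher and its method names are hypothetical, not from the posts.
public class PinHasher {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    private static final HexFormat HEX = HexFormat.of();

    // Enrolment: build the "iterations:saltHex:hashHex" record, the only value that is stored.
    static String enroll(char[] pin) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt for every user
        return ITERATIONS + ":" + HEX.formatHex(salt) + ":" + HEX.formatHex(derive(pin, salt, ITERATIONS));
    }

    // Login: re-derive from the entered pin with the stored salt, then compare the bytes.
    static boolean verify(char[] enteredPin, String stored) throws GeneralSecurityException {
        String[] parts = stored.split(":");
        if (parts.length != 3) return false; // malformed record never matches
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] expected = HEX.parseHex(parts[2]);
            byte[] actual = derive(enteredPin, HEX.parseHex(parts[1]), iterations);
            return MessageDigest.isEqual(expected, actual); // comparison that does not stop at the first mismatch
        } catch (IllegalArgumentException e) { // bad number, bad hex, empty salt
            return false;
        }
    }

    private static byte[] derive(char[] pin, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's copy of the pin
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String stored = enroll("6357".toCharArray()); // sample pin taken from the post
        System.out.println("stored record: " + stored);
        System.out.println("correct pin accepted: " + verify("6357".toCharArray(), stored));
        System.out.println("wrong pin accepted:   " + verify("1234".toCharArray(), stored));
    }
}
```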