Discussions

Web tier: servlets, JSP, Web frameworks: Password encryption in JSP's

  1. Password encryption in JSP's (2 messages)

    Hello everyone...

    Hope everyones doing just fine :)

    I am working on a portal involving payment gateways and SSL implementation for payments.We are registering first time commers with basic membership levels.During the registration process the password is stored as it is in the MySQL database server.We felt the need for encrypting or (encoding /decoding ) the password column for more security..
    There are some cool functions avaliable with MySQL , but using database specific function will lock our flexibility to port the database to other SQL servers ,if ever in the future.So I was wondering if there is any way i can use java methods or classes if available to encrypt the password .

    Suggestions if any will be appreciated.
    Regards VJ

    Threaded Messages (2)

  2. Password encryption in JSP's[ Go to top ]

    Check out the JCE api at java.sun.com
  3. Password encryption in JSP's[ Go to top ]

    Yes, the JCE is the place to look for this kind of thing.
    Basically, the standard solution for the password storage
    is to hash the password, run the bytestream through
    Base64 to get a String, then write the result to MySQL.

    To verify a password, run the potentially correct passwd
    through the hash, Base64, and compare to stored value.
    If it's equal, you are fine. If not, deny access.