java - I can't log in because I used aes_encrypt for my password field
I'm practicing programming using Java and MySQL with the NetBeans IDE. I can log in to the application using the code below. If I encrypt the password using the aes_encrypt feature of MySQL, I don't know how to decrypt it. I know there is aes_decrypt, but I had a hard time with the syntax.
    // requires: import java.sql.*; import javax.swing.JOptionPane;
    private void btnLoginActionPerformed(java.awt.event.ActionEvent evt) {
        if (lblUsername.getText().length() == 0) // checking for empty field
            JOptionPane.showMessageDialog(null, "Empty fields detected ! Please fill fields");
        else if (password.getPassword().length == 0) // checking for empty field
            JOptionPane.showMessageDialog(null, "Empty fields detected ! Please fill fields");
        else {
            String user = lblUsername.getText(); // collecting the input
            char[] pass = password.getPassword();
            String pwd = String.copyValueOf(pass); // converting from array to string
            if (validate_login(user, pwd)) {
                JOptionPane.showMessageDialog(null, "Correct login credentials");
                MainStudentRecord mainStudentRecord = new MainStudentRecord();
                mainStudentRecord.setVisible(true);
                this.dispose();
            } else {
                JOptionPane.showMessageDialog(null, "Incorrect login credentials");
                lblUsername.setText("");
                password.setText("");
            }
        }
    }

    private boolean validate_login(String username, String password) {
        try {
            Class.forName("com.mysql.jdbc.Driver"); // MySQL database connection
            Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/studentrecord", "neil", "basabe");
            PreparedStatement pst = conn.prepareStatement("select * from user where username=? and password=?");
            pst.setString(1, username);
            pst.setString(2, password);
            ResultSet rs = pst.executeQuery();
            if (rs.next())
                return true;
            else
                return false;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }
Here is the table definition:

    username varchar(16)
    password varchar(16)

to:

    username varchar(16)
    password blob  --------- lets me use aes_encrypt
I know this is the part I should edit:

    PreparedStatement pst = conn.prepareStatement("select * from user where username=? and password=?");

to:

    PreparedStatement pst = conn.prepareStatement("select * from user where username=? and password=_______this is the confusing part_________");
please help!
There are multiple issues here. I'll address the one you have identified first:

You have transformed the password in some way to store it in the database. Perform the same transformation on the supplied password to determine if it is stored there, rather than trying to reverse the transformation on the data you have stored.

The transformation you have used is reversible encryption. You should store passwords as a non-reversible hash (and salt) of the (salted) password. The idea is for this to be a computationally expensive operation, considering both time and space. Using scrypt to generate password hashes helps meet this requirement.

How to store passwords is a topic I won't go into further. However, if it is possible to not store password data at all and use a third party (think of websites that allow you to log in with Google/Facebook/Twitter/etc ... one does), do that, as they're more likely to get secure password storage correct.
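The approach described in the answer above (store a salted, non-reversible hash and repeat the same transformation on the typed password at login), as an added example that is not part of the original answer. It uses the JDK's built-in PBKDF2 as a stand-in for the scrypt the answer names, because the JDK ships no scrypt and PBKDF2 is slow to compute but not memory-hard; the class name, the separate salt column and the parameter values are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    // Assumed parameters for this sketch; tune the iteration count to your hardware.
    private static final int ITERATIONS = 210_000;
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;

    /** Returns a fresh random salt, stored per user in its own column (assumed). */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** Derives the value kept in the password column; there is nothing to decrypt. */
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the spec
        }
    }

    /** Login check: repeat the transformation on the typed password and compare. */
    static boolean verify(char[] typed, byte[] storedSalt, byte[] storedHash) throws Exception {
        byte[] candidate = hash(typed, storedSalt);
        return MessageDigest.isEqual(candidate, storedHash); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Registration: these two byte arrays are what would be written to the user row.
        byte[] salt = newSalt();
        byte[] stored = hash("correct horse".toCharArray(), salt); // constructed sample password

        // Login: select the salt and hash for the username only, then verify in Java.
        System.out.println("right password accepted: " + verify("correct horse".toCharArray(), salt, stored));
        System.out.println("wrong password accepted: " + verify("wrong guess".toCharArray(), salt, stored));
    }
}
```

With this layout the login query filters on the username alone and the password never appears in the SQL; the comparison happens in `verify`.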