java - I can't log-in because I used aes_encrypt for my password field


I'm practicing programming using Java and MySQL with the NetBeans IDE. I can log in to my application using the code below. If I encrypt the password using the aes_encrypt feature of MySQL, I don't know how to decrypt it. I know there is aes_decrypt, but I had a hard time with the syntax.

    // Imports needed by the two methods below (both live inside the login form class)
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import javax.swing.JOptionPane;

    private void btnLoginActionPerformed(java.awt.event.ActionEvent evt) {
        if (lblUsername.getText().length() == 0)  // checking for empty field
            JOptionPane.showMessageDialog(null, "empty fields detected ! please fill fields");
        else if (password.getPassword().length == 0)  // checking for empty field
            JOptionPane.showMessageDialog(null, "empty fields detected ! please fill fields");
        else {
            String user = lblUsername.getText();   // collecting the input
            char[] pass = password.getPassword();
            String pwd = String.copyValueOf(pass);  // converting from array to string
            if (validate_login(user, pwd)) {
                JOptionPane.showMessageDialog(null, "correct login credentials");
                MainStudentRecord mainStudentRecord = new MainStudentRecord();
                mainStudentRecord.setVisible(true);
                this.dispose();
            } else {
                JOptionPane.showMessageDialog(null, "incorrect login credentials");
                lblUsername.setText("");
                password.setText("");
            }
        }
    }

    private boolean validate_login(String username, String password) {
        try {
            Class.forName("com.mysql.jdbc.Driver");  // MySQL database connection
            // try-with-resources closes the connection, statement and result set
            try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/studentrecord", "neil", "basabe");
                 PreparedStatement pst = conn.prepareStatement("select * from user where username=? and password=?")) {
                pst.setString(1, username);
                pst.setString(2, password);
                try (ResultSet rs = pst.executeQuery()) {
                    return rs.next();  // a matching row means the credentials are valid
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

Here is the table definition:

    username varchar(16)
    password varchar(16)

to:

    username varchar(16)
    password blob    --------- for me to use aes_encrypt

I know which part I should edit:

    PreparedStatement pst = conn.prepareStatement("select * from user where username=? and password=?");

to:

    PreparedStatement pst = conn.prepareStatement("select * from user where username=? and password=_______this confusing part_________");

please help!

There are multiple issues here. I'll address the one you have identified first:

You have transformed the password in some way to store it in the database. Perform the same transformation on the input to determine if it is stored there, rather than trying to reverse the transformation on the data you have stored.

The transformation you have used is reversible encryption. You should store passwords as a non-reversible hash (and salt) of the (salted) password. The idea is for it to be a computationally expensive operation, considering both time and space. Using scrypt to generate password hashes helps meet this requirement.

How to store passwords is a topic I won't go into further. However, if it is possible to not store password data at all and use a third party (think of websites that allow you to log in with Google/Facebook/Twitter/etc ... one that does), do that, they're more likely to get secure password storage correct.

