Password Masking

kr_raj
kr_raj used Ask the Experts™
on
How to achieve password masking in console application?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
What is "normal" application? What do you mean by "encode" password"?
Commented:
If you are using swing, use JPasswordField for hiding password typing.
If you are using console application and user must enter the password but you want to make'it invisible, use following sample (I believe from Sun site):
############################
import java.io.*;

/**
 * This class attempts to erase characters echoed to the console.
 */

class MaskingThread extends Thread {
   private boolean stop = false;
   private int index;
   private String prompt;


  /**
   *@param prompt The prompt displayed to the user
   */
   public MaskingThread(String prompt) {
      this.prompt = prompt;
   }


  /**
   * Begin masking until asked to stop.
   */
   public void run() {
      while(!stop) {
         try {
            // attempt masking at this rate
            this.sleep(1);
         }catch (InterruptedException iex) {
            iex.printStackTrace();
         }
         if (!stop) {
            System.out.print("\r" + prompt + "\r");// + prompt);
         }
         System.out.flush();
      }
   }


  /**
   * Instruct the thread to stop masking.
   */
   public void stopMasking() {
      this.stop = true;
   }
}
############################
import java.io.*;

public class PasswordApp {
   public static void main(String argv[]) {
      PasswordField passfield = new PasswordField();
      String password = null;
      try {
         password = passfield.getPassword("Enter your password: ");
      } catch(IOException ioe) {
         ioe.printStackTrace();
      }
      System.out.println("The password entered is: "+password);
   }
}
############################
import java.io.*;

/**
 * This class prompts the user for a password and attempts to mask input with ""
 */

public class PasswordField {

  /**
   *@param prompt The prompt to display to the user.
   *@return The password as entered by the user.
   */

   String getPassword(String prompt) throws IOException {
      // password holder
      String password = "";
      MaskingThread maskingthread = new MaskingThread(prompt);
      Thread thread = new Thread(maskingthread);
      thread.start();
      // block until enter is pressed
      while (true) {
         char c = (char)System.in.read();
         // assume enter pressed, stop masking
         maskingthread.stopMasking();

         if (c == '\r') {
            c = (char)System.in.read();
            if (c == '\n') {
               break;
            } else {
               continue;
            }
         } else if (c == '\n') {
            break;
         } else {
            // store the password
            password += c;
         }
      }
      return password;
   }
}
############################

If you meen encoding the password as an unreadable string, there are many encoding techniques and algorithms you can use. http://developer.java.sun.com/developer/codesamples/security.html

Author

Commented:
Sorry for the inconvenience caused.
Actually my problem is how to achieve Command-Line
Input masking. For AWT/Swing application, password
masking is not an issue as package provides class and
method to mask the password.
So, would you please suggest me how to mask password
(similar to Unix approach to login screens, where password
is not echoed on the screen at all).

OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Author

Commented:
Thx a ton to Ovi for the help.

Commented:
here you can find one possible approach:
http://java.sun.com/features/2002/09/pword_mask.html

unfortunately - it is not clean
Ovi

Commented:
My example is working in this sense.
Ovi

Commented:
... and is the same as the one in the link posted by Venci75
Mick BarryJava Developer
Top Expert 2010

Commented:
That functionality is currently not supported (without using some JNI) and there is an outstanding RFE for it.
http://developer.java.sun.com/developer/bugParade/bugs/4050435.html
The link posted by Venci75 contains a workaround, but it's not guaranteed to always work.
Ovi

Commented:
The bug posted does not refer to the solutions (the same) posted here.
Mick BarryJava Developer
Top Expert 2010

Commented:
> The bug posted does not refer to the solutions (the
> same) posted here.

It actually does?

Mick BarryJava Developer
Top Expert 2010

Commented:
And besides it's still useful information isn't it?
It explains that the functionality required is currently not supported.
Ovi

Commented:
out of the topic ... . The code in the comment posted here (the same as the one from Sun site) represents a workaround for this unsupported feature, as originally says it's author.
Mick BarryJava Developer
Top Expert 2010

Commented:
> ...contains a workaround, but it's not guaranteed to
> always work.

Exactly as I have already mentioned in my previous comment.

kr_raj:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.

Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- Points for Ovi

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Venabili
EE Cleanup Volunteer

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial