Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Storing Passwords in Access Database

Posted on 2003-03-22
14
Medium Priority
?
191 Views
Last Modified: 2010-04-01
Hi,
i have an 'insert form" where students enter their details including their password....

<td><b>Paswword:</b></td>
      <td>
     <input type="password" name="Password"> Password        
         
      </td>
    <tr>
  </table>
<input type="submit" name="Insert" value="Insert Student">


then the form gets processed i.e. the data is sent to my access database.....
statement.setString(12,request.getParameter("Paswword"));
statement.executeUpdate();

<td width="28%" aligh="right">Password</td>
      <td width="72%">
        <%= request.getParameter("Password") %>
         
      </td>
    </tr>

when the form is processed the password is not encrypted, which is o.k, but when i check my access database, the password has not been inserted in the db? why is that? how can I resolve this matter, and still keep the "input type" as password.

Thanx
0
Comment
Question by:neks
  • 7
  • 7
14 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188267
input type password shouldn't be changed.

one thing I noticed:

your field name is "Password"

but in your code you are retrieving "Paswword"

try this:

statement.setString(12,request.getParameter("Password"));
statement.executeUpdate();

CJ
0
 

Author Comment

by:neks
ID: 8188358
Thanx,
yeah it was a typing error. Another thing. When a user logs in (with the right password), their name and surname is revealed, with links to "view", "update" or "delete" their record, if one of these links are clicked on, what code do I use to go back to the previous page where the other links are?

String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
String ID = "";
while(RS.next())
     {
                    ID = RS.getString("StudentID");    
%>

<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
     
     
</tr>

sample of the "viewbuddyform"

String query = "SELECT * FROM Student WHERE StudentID = ?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setInt(1,Integer.parseInt(request.getParameter("id")));
java.sql.ResultSet RS = statement.executeQuery();
%>

<%
while(RS.next())
     {
%>
<form method="Post" action="DisplayDetailedRecord.jsp">
  <table width="50%" border="1">
    <input type="hidden" name="StudentID" value="<%=RS.getString("StudentID") %>">
    <tr>
      <td width="30%"><b>First Name:</b></td>
      <td width="70%"><%=RS.getString("FirstName") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Surname:</b></td>
      <td width="70%"><%=RS.getString("Lastname") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Sex:</b></td>
      <td width="70%"><%=RS.getString("Sex") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Age:</b></td>
      <td width="70%"><%=RS.getString("Age") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Degree Code:</b></td>
      <td width="70%"><%=RS.getString("CourseID") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Degree Name:</b></td>
      <td width="70%"><%=RS.getString("CourseName") %></td>
    </tr>
  </table>

so thus, how would I go back to the previous page?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188483
you can do two things.

1.  provide a link that has the link with the main page hard coded (recommended b/c it won't fail)

2.  use javascript:
<SCRIPT LANGUAGE="JavaScript"><!--
function back() {
    history.go(-1);
}
//--></SCRIPT>

<A HREF="javascript:back()">Back</A>

HTH,
CJ
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:neks
ID: 8188522
im a new learner when it comes to JSP. If you hard code the page, will it still work if another user uses the same page?

plus can you show me how its done because I have no idea
Thanx
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188771
what you should do is store their login information, username in session.  so you can retrieve the information for the user who is logged in.

If the session information doesn't exist redirect them to the login page.

If you need help with this let me know, I can post some sample pseudo code for you.

CJ
0
 

Author Comment

by:neks
ID: 8190508
This is what I have done so far for the login information. I need an if statement somewhere incase the username or password is incorrect, directing them to another page, where would that go in my coding below....

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:odbc:Student_db","","");
String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
String ID = "";
while(RS.next())
     {
                    ID = RS.getString("StudentID");    
%>

<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
     
0
 

Author Comment

by:neks
ID: 8198921
hello,
I still need help with an IF statement, where and what code I should use if the password or username is incorrect (using the code above). Please help.
neks
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8202994
do this:

boolean successfulLogin = false;
<%
while (RS.next()) {
  successfulLogin = true;
                  ID = RS.getString("StudentID");    
%>

<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>

<% } %>
<% if (! successfulLogin) {
      response.sendRedirect("yourloginform.jsp");
   }
%>

You should store successfulLogin in session so that every page checks for it and redirects to your login form if the user has not logged in.

CJ
0
 

Author Comment

by:neks
ID: 8204690

Sorry about this, but Im not sure what you mean by storing "successfulLogin" in session, and i guess thats why an error is coming up saying there is no entity called "succesfulLogin" :(
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8204701
I mean that the above will work for the login submit page.

But to prevent users from directly accessing urls and not logging in you need to store their logged in status in sessino.

the above code should work without that.

lets first fix the above code, then we can get into session stuff.

CJ
0
 

Author Comment

by:neks
ID: 8218974
using your code above that you posted brings up an error saying that "there is no entity called successful Login". I have used the exact code... this is my code below;


boolean successfulLogin = false;
<%
String ID = "";
while(RS.next()){
successfulLogin = true;

                    ID = RS.getString("StudentID");    
%>


<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
     response.sendRedirect("yourloginform.jsp");


}
RS.close();
connection.close();
%>

where am i still going wrong then? I have also created a jsp page called "yourloginform"
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 200 total points
ID: 8219023
move boolean successfulLogin inside the <% ... %> like so:

<%
boolean successfulLogin = false;
String ID = "";
while(RS.next()){
successfulLogin = true;

                   ID = RS.getString("StudentID");    
%>


<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
    response.sendRedirect("yourloginform.jsp");


}
RS.close();
connection.close();
%>
0
 

Author Comment

by:neks
ID: 8219113

Thanks a million you for your help. You were great!
and most of all patient... Its greatly appreciated
Neks
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8219539
glad I could help and thanx for the "A"

CJ
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Machine Learning is one of the profound applications of AI and therefore, just like AI, it is surrounded by myths and fears. Check out these facts about ML that demystify the related myths.
How do you create a user-centered user experience on your website? And what are some things you should consider in the process?
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question