Solved

Storing Passwords in Access Database

Posted on 2003-03-22
Last Modified: 2010-04-01
Hi,
I have an "insert form" where students enter their details, including their password....

<td><b>Paswword:</b></td>
      <td>
     <input type="password" name="Password"> Password
      </td>
    </tr>
  </table>
<input type="submit" name="Insert" value="Insert Student">


Then the form gets processed, i.e. the data is sent to my Access database.....
statement.setString(12,request.getParameter("Paswword"));
statement.executeUpdate();

<td width="28%" align="right">Password</td>
      <td width="72%">
        <%= request.getParameter("Password") %>
      </td>
    </tr>

When the form is processed the password is not encrypted, which is o.k., but when I check my Access database, the password has not been inserted in the db. Why is that? How can I resolve this matter and still keep the "input type" as password?

Thanx
Question by:neks
14 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188267
input type password shouldn't be changed.

one thing I noticed:

your field name is "Password"

but in your code you are retrieving "Paswword"

try this:

statement.setString(12,request.getParameter("Password"));
statement.executeUpdate();

CJ
0
 

Author Comment

by:neks
ID: 8188358
Thanx,
Yeah, it was a typing error. Another thing: when a user logs in (with the right password), their name and surname are revealed, with links to "view", "update" or "delete" their record. If one of these links is clicked on, what code do I use to go back to the previous page where the other links are?

String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
String ID = "";
while(RS.next())
     {
                    ID = RS.getString("StudentID");    
%>

<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
     
     
</tr>

sample of the "viewbuddyform"

String query = "SELECT * FROM Student WHERE StudentID = ?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setInt(1,Integer.parseInt(request.getParameter("id")));
java.sql.ResultSet RS = statement.executeQuery();
%>

<%
while(RS.next())
     {
%>
<form method="Post" action="DisplayDetailedRecord.jsp">
  <table width="50%" border="1">
    <input type="hidden" name="StudentID" value="<%=RS.getString("StudentID") %>">
    <tr>
      <td width="30%"><b>First Name:</b></td>
      <td width="70%"><%=RS.getString("FirstName") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Surname:</b></td>
      <td width="70%"><%=RS.getString("Lastname") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Sex:</b></td>
      <td width="70%"><%=RS.getString("Sex") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Age:</b></td>
      <td width="70%"><%=RS.getString("Age") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Degree Code:</b></td>
      <td width="70%"><%=RS.getString("CourseID") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Degree Name:</b></td>
      <td width="70%"><%=RS.getString("CourseName") %></td>
    </tr>
  </table>

so thus, how would I go back to the previous page?
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188483
you can do two things.

1.  provide a link that has the link with the main page hard coded (recommended b/c it won't fail)

2.  use javascript:
<SCRIPT LANGUAGE="JavaScript"><!--
function back() {
    history.go(-1);
}
//--></SCRIPT>

<A HREF="javascript:back()">Back</A>

HTH,
CJ
0
 

Author Comment

by:neks
ID: 8188522
I'm a new learner when it comes to JSP. If you hard code the page, will it still work if another user uses the same page?

Plus, can you show me how it's done, because I have no idea?
Thanx
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8188771
what you should do is store their login information, username, in session, so you can retrieve the information for the user who is logged in.

If the session information doesn't exist redirect them to the login page.

If you need help with this let me know, I can post some sample pseudo code for you.

CJ
0
 

Author Comment

by:neks
ID: 8190508
This is what I have done so far for the login information. I need an if statement somewhere in case the username or password is incorrect, directing them to another page. Where would that go in my coding below....

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:odbc:Student_db","","");
String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
String ID = "";
while(RS.next())
     {
                    ID = RS.getString("StudentID");    
%>

<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
     
0
 

Author Comment

by:neks
ID: 8198921
hello,
I still need help with an IF statement, where and what code I should use if the password or username is incorrect (using the code above). Please help.
neks
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8202994
do this:

boolean successfulLogin = false;
<%
while (RS.next()) {
  successfulLogin = true;
                  ID = RS.getString("StudentID");    
%>

<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>

<% } %>
<% if (! successfulLogin) {
      response.sendRedirect("yourloginform.jsp");
   }
%>

You should store successfulLogin in session so that every page checks for it and redirects to your login form if the user has not logged in.

CJ
0
 

Author Comment

by:neks
ID: 8204690

Sorry about this, but I'm not sure what you mean by storing "successfulLogin" in session, and I guess that's why an error is coming up saying there is no entity called "successfulLogin" :(
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8204701
I mean that the above will work for the login submit page.

But to prevent users from directly accessing urls and not logging in you need to store their logged in status in session.

the above code should work without that.

let's first fix the above code, then we can get into session stuff.

CJ
0
 

Author Comment

by:neks
ID: 8218974
using your code above that you posted brings up an error saying that "there is no entity called successful Login". I have used the exact code... this is my code below;


boolean successfulLogin = false;
<%
String ID = "";
while(RS.next()){
successfulLogin = true;

                    ID = RS.getString("StudentID");    
%>


<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
     response.sendRedirect("yourloginform.jsp");


}
RS.close();
connection.close();
%>

Where am I still going wrong then? I have also created a JSP page called "yourloginform".
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 200 total points
ID: 8219023
move boolean successfulLogin inside the <% ... %> like so:

<%
boolean successfulLogin = false;
String ID = "";
while(RS.next()){
successfulLogin = true;

                   ID = RS.getString("StudentID");    
%>


<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
    response.sendRedirect("yourloginform.jsp");


}
RS.close();
connection.close();
%>
0
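
An added example, not part of the original thread: the session check cheekycj describes in the earlier comments (store the login in session, redirect to the login form when it is missing), built on the login query posted above. The file names LoginCheck.jsp, RequireLogin.jspf and StudentMenu.jsp and the "studentId" session key are assumptions.

```jsp
<%-- File 1: LoginCheck.jsp (hypothetical name), the target of the login form --%>
<%@ page import="java.sql.*" %>
<%
    // Driver, DSN and query are the ones posted in the thread.
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Integer studentId = null;
    try (Connection connection =
             DriverManager.getConnection("jdbc:odbc:Student_db", "", "");
         PreparedStatement statement = connection.prepareStatement(
             "SELECT StudentID FROM Student WHERE UserName=? AND Password=?")) {
        statement.setString(1, request.getParameter("UserName"));
        statement.setString(2, request.getParameter("Password"));
        try (ResultSet rs = statement.executeQuery()) {
            if (rs.next()) {
                studentId = Integer.valueOf(rs.getInt("StudentID"));
            }
        }
    }
    if (studentId == null) {
        // Redirect before any HTML is written, then stop processing the page.
        response.sendRedirect("yourloginform.jsp");
        return;
    }
    // Start a fresh session at login so a pre-login session ID is not carried over.
    HttpSession previous = request.getSession(false);
    if (previous != null) {
        previous.invalidate();
    }
    request.getSession(true).setAttribute("studentId", studentId);
    response.sendRedirect("StudentMenu.jsp"); // hypothetical page holding the View/Update/Delete links
%>

<%-- File 2: RequireLogin.jspf (hypothetical name), statically included at the
     top of ViewBuddyForm.jsp, UpdateBuddyForm.jsp and DeleteBuddyForm.jsp --%>
<%
    HttpSession current = request.getSession(false);
    Integer currentStudentId =
        (current == null) ? null : (Integer) current.getAttribute("studentId");
    if (currentStudentId == null) {
        // No login recorded in this session: back to the login form.
        response.sendRedirect("yourloginform.jsp");
        return;
    }
    // Pages that include this file bind currentStudentId to their query, e.g.
    // statement.setInt(1, currentStudentId.intValue()), instead of parsing
    // request.getParameter("id"), so each user reaches only their own record.
%>
```

Because the session stays attached to the browser, a hard-coded link back to the menu page works for every user: the menu page reads the student from the session rather than from the link.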
 

Author Comment

by:neks
ID: 8219113

Thanks a million for your help. You were great!
and most of all patient... It's greatly appreciated
Neks
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8219539
glad I could help and thanx for the "A"

CJ
0
