HELP! How do I strip down a string entered from a form?

Hi all & thanks for reading this.

I'm yet another newbie to JSP and struggling a little with this problem..
I want to strip down the password entered by the user via a form then run a query on SQL on each letter of the String (like an encryption process).

For example:  password entered = "Test"

split this down.... 1st letter = T

Run query on "T" and Database returns "A"

2nd letter = "E"

Run query on "E" and Database returns "J"

And so on.. so the password "TEST" is actually "AJTF" (simple encryption)

I have created the databases but I'm just not sure how to strip the string!

If you could help I would appreciate it very much!
Many thanks

Stuart
PigdogmonsterAsked:
TimYatesCommented:
Assuming str contains your string you want to encrypt...

(you can do this by request.getParameter( "nameofformfield" ) )

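<%
    // Read the submitted value from the form field
    String str = request.getParameter( "nameofformfield" ) ;
    String encrypted = "" ;

    for( int i = 0 ; i < str.length() ; i++ )
    {
        String letter = "" + str.charAt( i ) ;

        // do your query here...return a new letter
        String newLetter = letter ; // placeholder until the query result is assigned here

        // add the newLetter in to the fully encrypted string
        encrypted += newLetter ;
    }
%>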
0
TimYatesCommented:
you might be better off using MD5 for passwords though...

Just so you know ;-)
0

TimYatesCommented:
FYI, this is how you would do the MD5 thing:

-------------------------
<%@ page import="java.security.*" %>
<%@ page import="java.util.Base64" %>
<%!
  // Returns the Base64-encoded MD5 digest of username + password, or null on failure
  public String getEncrypted( String username, String password )
  {
    try
    {
      // Encrypt the username and password added together, so that it cannot be MD5 dictionary hacked
      byte[] encrypt = ( username + password ).getBytes( "UTF-8" );

      MessageDigest md = MessageDigest.getInstance( "MD5" );
      md.update( encrypt ) ;
      // java.util.Base64 (Java 8+) is used here because sun.misc.BASE64Encoder is not available in current JDKs
      String ret = Base64.getEncoder().encodeToString( md.digest() ) ;
      return ret ;
    }
    catch(Exception e)
    {
      e.printStackTrace() ;
      return null;
    }
  }
%>

<%
    String username = request.getParameter( "username" ) ;
    String password = request.getParameter( "password" ) ;
    String md5hash = getEncrypted( username, password ) ;
%>

----------------------------------

if you store the md5hash as the user's password in the database, then you just need to check that the md5 hash entered on login by the user is the same as the md5hash in the database, to ensure they entered the correct password...

That way, you never store the unencrypted password in the database, and passwords cannot be extracted from the database even with direct SQL...

Hope this helps :-)

Tim
0
PigdogmonsterAuthor Commented:
Hi Tim,

0
TimYatesCommented:
Hi :-)
0
PigdogmonsterAuthor Commented:
This is great thanks but I seem to be having some problems with getting it to work

Here is an extract from my code....

//Start conversion of password

String varPW = request.getParameter("password");

//String encrypted = "" ;

    //for( int i = 0 ; i < varPW.length() ; i++ )
   // {
        //String letter = "" + varPW.charAt( i ) ;
       
        // do your query here...return a new letter

                  //Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                  //Connection con8 = DriverManager.getConnection("jdbc:odbc:DB","UID","PW");
                  //Statement stmt8 = con8.createStatement();
                  //String sql8 = "select * from pw WHERE Col_1 = '" + varPW + "'";
                  //ResultSet rs8 = stmt8.executeQuery(sql8);
                  //stmt8.close();
                  //con8.close();

        // add the newLetter in to the fully encrypted string
                   
            //String varNewPW = rs8.getString(Col_2);
            //encrypted += newLetter;
   // }
      

            if (varPW.equals(varPassword)) {
//Now run query on database against new converted password

}

0
TimYatesCommented:
Ok, what is varPassword?  how do you get that?

All your code does is this:

------------------

String varPW = request.getParameter("password");

if (varPW.equals(varPassword)) {
    //Now run query on database against new converted password
}

------------------

you never set varPassword...
0
PigdogmonsterAuthor Commented:
sorry,  I just left the // in as this is within a page of code....


0
TimYatesCommented:
what is the problem with the code?  What does it do?
0