Solved

HELP! How do I strip down a string entered from a form?

Posted on 2003-11-24
9
251 Views
Last Modified: 2010-04-01
Hi all & thanks for reading this.

I'm yet another newbie to JSP and struggling a little with a this problem..
I want to strip down  the password entered by the user via a form then run a query on SQL on each letter of the String (like an encryption process).

For example:  password entered = "Test"

split this down.... 1st letter = T

Run query on "T" and Database returns "A"

2nd letter = "E"

Run query on "E" and Database returns "J"

And so on.. so the password "TEST" is actually "AJTF" (simple encyrption)

I have created the database's but I'm just not sure how to strip the string!

If you could help I would appreciated it very much!
Many thanks

Stuart
0
Comment
Question by:Pigdogmonster
  • 6
  • 3
9 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 9809704
Assuming str contains your string you want to encrypt...

(you can do this by request.getParameter( "nameofformfield" ) )

<%
    String encrypted = "" ;

    for( int i = 0 ; i < str.length() ; i++ )
    {
        String letter = "" + str.charAt( i ) ;
       
        // do your query here...return a new letter

        // add the newLetter in to the fully encrypted string
        encrypted += newLetter ;
    }
%>
0
 
LVL 35

Accepted Solution

by:
TimYates earned 50 total points
ID: 9809710
you might be better off using MD5 for passwords though...

Just so you know ;-)
0
 
LVL 35

Expert Comment

by:TimYates
ID: 9809824
FYI, this is how you would do the MD5 thing:

-------------------------
<%@ page import="java.security.*" %>
<%@ page import="sun.misc.*" %>
<%!
  public String getEncrypted( String username, String password )
  {
    try
    {
      // Encrypt the username and password added together, so that it cannot be MD5 dictionary hacked
      byte[] encrypt = new String( username + password ).getBytes( "UTF-8" );

      MessageDigest md = MessageDigest.getInstance( "MD5" );
      md.update( encrypt ) ;
      BASE64Encoder enc = new BASE64Encoder() ;
      String ret = enc.encode( md.digest() ) ;
      return ret ;
    }
    catch(Exception e)
    {
      ex.printStackTrace() ;
      return null;
    }
  }
%>

<%
    String username = request.getParameter( "username" ) ;
    String password = request.getParameter( "password" ) ;
    String md5hash = getEncrypted( username, password ) ;
%>

----------------------------------

if you store the md5hash as the user's password in the database, then you just need to check that the md5 hash entered on login by the user is the same as the md5hash in the database, to ensure they entered the correct password...

That way, you never store the unencrypted password in the database, and passwords cannot be extracted from the database even with direct SQL...

Hope this helps :-)

Tim
0
 

Author Comment

by:Pigdogmonster
ID: 9809995
Hi Tim,

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 35

Expert Comment

by:TimYates
ID: 9810059
Hi :-)
0
 

Author Comment

by:Pigdogmonster
ID: 9810072
This is great thanks but I seem to be having some problems with getting it to work

Here is an extract from my code....

//Start conversion of password

String varPW = request.getParameter("password");

//String encrypted = "" ;

    //for( int i = 0 ; i < varPW.length() ; i++ )
   // {
        //String letter = "" + varPW.charAt( i ) ;
       
        // do your query here...return a new letter

                  //Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                  //Connection con8 = DriverManager.getConnection("jdbc:odbc:DB","UID","PW");
                  //Statement stmt8 = con8.createStatement();
                  //String sql8 = "select * from pw WHERE Col_1 = '" + varPW + "'";
                  //ResultSet rs8 = stmt8.executeQuery(sql8);
                  //stmt8.close();
                  //con8.close();

        // add the newLetter in to the fully encrypted string
                   
            //String varNewPW = rs8.getString(Col_2);
            //encrypted += newLetter;
   // }
      

            if (varPW.equals(varPassword)) {
//Now run query on database against new converted password

}

0
 
LVL 35

Expert Comment

by:TimYates
ID: 9810597
Ok, what is varPassword?  how do you get that?

All your code does is this:

------------------

String varPW = request.getParameter("password");

if (varPW.equals(varPassword)) {
    //Now run query on database against new converted password
}

------------------

you never set varPassword...
0
 

Author Comment

by:Pigdogmonster
ID: 9810644
sorry,  I just left the // in as this is within a page of code....


0
 
LVL 35

Expert Comment

by:TimYates
ID: 9811010
what is the problem with the code?  What does it do?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Apache server configuration 7 80
method inner class 6 81
dynamic reloading of jsp in jetty 2 118
Clear browser cache on site login, is it possible? 3 24
When we talk about DevOps toolchains, I sometimes wonder how many people really get what we’re talking about. I don’t know if it’s just semantics or tone or something else, but sometimes I think it just sounds like buzzword sausage. So it’s always …
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now