[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 260
  • Last Modified:

HELP! How do I strip down a string entered from a form?

Hi all & thanks for reading this.

I'm yet another newbie to JSP and struggling a little with a this problem..
I want to strip down  the password entered by the user via a form then run a query on SQL on each letter of the String (like an encryption process).

For example:  password entered = "Test"

split this down.... 1st letter = T

Run query on "T" and Database returns "A"

2nd letter = "E"

Run query on "E" and Database returns "J"

And so on.. so the password "TEST" is actually "AJTF" (simple encyrption)

I have created the database's but I'm just not sure how to strip the string!

If you could help I would appreciated it very much!
Many thanks

Stuart
0
Pigdogmonster
Asked:
Pigdogmonster
  • 6
  • 3
1 Solution
 
TimYatesCommented:
Assuming str contains your string you want to encrypt...

(you can do this by request.getParameter( "nameofformfield" ) )

<%
    String encrypted = "" ;

    for( int i = 0 ; i < str.length() ; i++ )
    {
        String letter = "" + str.charAt( i ) ;
       
        // do your query here...return a new letter

        // add the newLetter in to the fully encrypted string
        encrypted += newLetter ;
    }
%>
0
 
TimYatesCommented:
you might be better off using MD5 for passwords though...

Just so you know ;-)
0
 
TimYatesCommented:
FYI, this is how you would do the MD5 thing:

-------------------------
<%@ page import="java.security.*" %>
<%@ page import="sun.misc.*" %>
<%!
  public String getEncrypted( String username, String password )
  {
    try
    {
      // Encrypt the username and password added together, so that it cannot be MD5 dictionary hacked
      byte[] encrypt = new String( username + password ).getBytes( "UTF-8" );

      MessageDigest md = MessageDigest.getInstance( "MD5" );
      md.update( encrypt ) ;
      BASE64Encoder enc = new BASE64Encoder() ;
      String ret = enc.encode( md.digest() ) ;
      return ret ;
    }
    catch(Exception e)
    {
      ex.printStackTrace() ;
      return null;
    }
  }
%>

<%
    String username = request.getParameter( "username" ) ;
    String password = request.getParameter( "password" ) ;
    String md5hash = getEncrypted( username, password ) ;
%>

----------------------------------

if you store the md5hash as the user's password in the database, then you just need to check that the md5 hash entered on login by the user is the same as the md5hash in the database, to ensure they entered the correct password...

That way, you never store the unencrypted password in the database, and passwords cannot be extracted from the database even with direct SQL...

Hope this helps :-)

Tim
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
PigdogmonsterAuthor Commented:
Hi Tim,

0
 
TimYatesCommented:
Hi :-)
0
 
PigdogmonsterAuthor Commented:
This is great thanks but I seem to be having some problems with getting it to work

Here is an extract from my code....

//Start conversion of password

String varPW = request.getParameter("password");

//String encrypted = "" ;

    //for( int i = 0 ; i < varPW.length() ; i++ )
   // {
        //String letter = "" + varPW.charAt( i ) ;
       
        // do your query here...return a new letter

                  //Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                  //Connection con8 = DriverManager.getConnection("jdbc:odbc:DB","UID","PW");
                  //Statement stmt8 = con8.createStatement();
                  //String sql8 = "select * from pw WHERE Col_1 = '" + varPW + "'";
                  //ResultSet rs8 = stmt8.executeQuery(sql8);
                  //stmt8.close();
                  //con8.close();

        // add the newLetter in to the fully encrypted string
                   
            //String varNewPW = rs8.getString(Col_2);
            //encrypted += newLetter;
   // }
      

            if (varPW.equals(varPassword)) {
//Now run query on database against new converted password

}

0
 
TimYatesCommented:
Ok, what is varPassword?  how do you get that?

All your code does is this:

------------------

String varPW = request.getParameter("password");

if (varPW.equals(varPassword)) {
    //Now run query on database against new converted password
}

------------------

you never set varPassword...
0
 
PigdogmonsterAuthor Commented:
sorry,  I just left the // in as this is within a page of code....


0
 
TimYatesCommented:
what is the problem with the code?  What does it do?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now