Solved

HELP! How do I strip down a string entered from a form?

Posted on 2003-11-24
9
254 Views
Last Modified: 2010-04-01
Hi all & thanks for reading this.

I'm yet another newbie to JSP and struggling a little with a this problem..
I want to strip down  the password entered by the user via a form then run a query on SQL on each letter of the String (like an encryption process).

For example:  password entered = "Test"

split this down.... 1st letter = T

Run query on "T" and Database returns "A"

2nd letter = "E"

Run query on "E" and Database returns "J"

And so on.. so the password "TEST" is actually "AJTF" (simple encyrption)

I have created the database's but I'm just not sure how to strip the string!

If you could help I would appreciated it very much!
Many thanks

Stuart
0
Comment
Question by:Pigdogmonster
  • 6
  • 3
9 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 9809704
Assuming str contains your string you want to encrypt...

(you can do this by request.getParameter( "nameofformfield" ) )

<%
    String encrypted = "" ;

    for( int i = 0 ; i < str.length() ; i++ )
    {
        String letter = "" + str.charAt( i ) ;
       
        // do your query here...return a new letter

        // add the newLetter in to the fully encrypted string
        encrypted += newLetter ;
    }
%>
0
 
LVL 35

Accepted Solution

by:
TimYates earned 50 total points
ID: 9809710
you might be better off using MD5 for passwords though...

Just so you know ;-)
0
 
LVL 35

Expert Comment

by:TimYates
ID: 9809824
FYI, this is how you would do the MD5 thing:

-------------------------
<%@ page import="java.security.*" %>
<%@ page import="sun.misc.*" %>
<%!
  public String getEncrypted( String username, String password )
  {
    try
    {
      // Encrypt the username and password added together, so that it cannot be MD5 dictionary hacked
      byte[] encrypt = new String( username + password ).getBytes( "UTF-8" );

      MessageDigest md = MessageDigest.getInstance( "MD5" );
      md.update( encrypt ) ;
      BASE64Encoder enc = new BASE64Encoder() ;
      String ret = enc.encode( md.digest() ) ;
      return ret ;
    }
    catch(Exception e)
    {
      ex.printStackTrace() ;
      return null;
    }
  }
%>

<%
    String username = request.getParameter( "username" ) ;
    String password = request.getParameter( "password" ) ;
    String md5hash = getEncrypted( username, password ) ;
%>

----------------------------------

if you store the md5hash as the user's password in the database, then you just need to check that the md5 hash entered on login by the user is the same as the md5hash in the database, to ensure they entered the correct password...

That way, you never store the unencrypted password in the database, and passwords cannot be extracted from the database even with direct SQL...

Hope this helps :-)

Tim
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 

Author Comment

by:Pigdogmonster
ID: 9809995
Hi Tim,

0
 
LVL 35

Expert Comment

by:TimYates
ID: 9810059
Hi :-)
0
 

Author Comment

by:Pigdogmonster
ID: 9810072
This is great thanks but I seem to be having some problems with getting it to work

Here is an extract from my code....

//Start conversion of password

String varPW = request.getParameter("password");

//String encrypted = "" ;

    //for( int i = 0 ; i < varPW.length() ; i++ )
   // {
        //String letter = "" + varPW.charAt( i ) ;
       
        // do your query here...return a new letter

                  //Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                  //Connection con8 = DriverManager.getConnection("jdbc:odbc:DB","UID","PW");
                  //Statement stmt8 = con8.createStatement();
                  //String sql8 = "select * from pw WHERE Col_1 = '" + varPW + "'";
                  //ResultSet rs8 = stmt8.executeQuery(sql8);
                  //stmt8.close();
                  //con8.close();

        // add the newLetter in to the fully encrypted string
                   
            //String varNewPW = rs8.getString(Col_2);
            //encrypted += newLetter;
   // }
      

            if (varPW.equals(varPassword)) {
//Now run query on database against new converted password

}

0
 
LVL 35

Expert Comment

by:TimYates
ID: 9810597
Ok, what is varPassword?  how do you get that?

All your code does is this:

------------------

String varPW = request.getParameter("password");

if (varPW.equals(varPassword)) {
    //Now run query on database against new converted password
}

------------------

you never set varPassword...
0
 

Author Comment

by:Pigdogmonster
ID: 9810644
sorry,  I just left the // in as this is within a page of code....


0
 
LVL 35

Expert Comment

by:TimYates
ID: 9811010
what is the problem with the code?  What does it do?
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
maven project in eclipse 11 60
How to set default webapp for host 6 47
how to add new optional parameter to JSP 1 49
ejb on wildfly 5 30
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
ConnectWise and their customers need to ensure critical alerts automatically reach the right person at the right time. MSP superheros efficiently respond to these alerts key is providing automatic, intelligent alerting that generates a complete audi…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question