Solved

HELP! How do I strip down a string entered from a form?

Posted on 2003-11-24
Last Modified: 2010-04-01
Hi all & thanks for reading this.

I'm yet another newbie to JSP and struggling a little with this problem.
I want to strip down the password entered by the user via a form then run a query on SQL on each letter of the String (like an encryption process).

For example:  password entered = "Test"

split this down.... 1st letter = T

Run query on "T" and Database returns "A"

2nd letter = "E"

Run query on "E" and Database returns "J"

And so on.. so the password "TEST" is actually "AJTF" (simple encryption)

I have created the databases but I'm just not sure how to strip the string!

If you could help I would appreciate it very much!
Many thanks

Stuart
Question by:Pigdogmonster
9 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 9809704
Assuming str contains your string you want to encrypt...

(you can do this by request.getParameter( "nameofformfield" ) )

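<%
    // Read the value to convert from the submitted form field
    String str = request.getParameter( "nameofformfield" ) ;
    if( str == null ) str = "" ; // field missing from the request
    String encrypted = "" ;

    for( int i = 0 ; i < str.length() ; i++ )
    {
        String letter = "" + str.charAt( i ) ;

        // do your query here...return a new letter
        String newLetter = letter ; // placeholder: replace with the letter returned by your query

        // add the newLetter in to the fully encrypted string
        encrypted += newLetter ;
    }
%>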
LVL 35

Accepted Solution

by:
TimYates earned 200 total points
ID: 9809710
you might be better off using MD5 for passwords though...

Just so you know ;-)
LVL 35

Expert Comment

by:TimYates
ID: 9809824
FYI, this is how you would do the MD5 thing:

-------------------------
<%@ page import="java.security.*" %>
<%@ page import="java.util.Base64" %>
<%!
  public String getEncrypted( String username, String password )
  {
    try
    {
      // Encrypt the username and password added together, so that it cannot be MD5 dictionary hacked
      byte[] encrypt = ( username + password ).getBytes( "UTF-8" );

      MessageDigest md = MessageDigest.getInstance( "MD5" );
      md.update( encrypt ) ;
      // java.util.Base64 replaces sun.misc.BASE64Encoder, which is not available in current JDKs
      String ret = Base64.getEncoder().encodeToString( md.digest() ) ;
      return ret ;
    }
    catch(Exception e)
    {
      e.printStackTrace() ;
      return null;
    }
  }
%>

<%
    String username = request.getParameter( "username" ) ;
    String password = request.getParameter( "password" ) ;
    String md5hash = getEncrypted( username, password ) ;
%>

----------------------------------

if you store the md5hash as the user's password in the database, then you just need to check that the md5 hash entered on login by the user is the same as the md5hash in the database, to ensure they entered the correct password...

That way, you never store the unencrypted password in the database, and passwords cannot be extracted from the database even with direct SQL...

Hope this helps :-)

Tim

Author Comment

by:Pigdogmonster
ID: 9809995
Hi Tim,

LVL 35

Expert Comment

by:TimYates
ID: 9810059
Hi :-)

Author Comment

by:Pigdogmonster
ID: 9810072
This is great thanks but I seem to be having some problems with getting it to work

Here is an extract from my code....

//Start conversion of password

String varPW = request.getParameter("password");

//String encrypted = "" ;

    //for( int i = 0 ; i < varPW.length() ; i++ )
   // {
        //String letter = "" + varPW.charAt( i ) ;
       
        // do your query here...return a new letter

                  //Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                  //Connection con8 = DriverManager.getConnection("jdbc:odbc:DB","UID","PW");
                  //Statement stmt8 = con8.createStatement();
                  //String sql8 = "select * from pw WHERE Col_1 = '" + varPW + "'";
                  //ResultSet rs8 = stmt8.executeQuery(sql8);
                  //stmt8.close();
                  //con8.close();

        // add the newLetter in to the fully encrypted string
                   
            //String varNewPW = rs8.getString(Col_2);
            //encrypted += newLetter;
   // }
      

            if (varPW.equals(varPassword)) {
//Now run query on database against new converted password

}

LVL 35

Expert Comment

by:TimYates
ID: 9810597
Ok, what is varPassword?  how do you get that?

All your code does is this:

------------------

String varPW = request.getParameter("password");

if (varPW.equals(varPassword)) {
    //Now run query on database against new converted password
}

------------------

you never set varPassword...

Author Comment

by:Pigdogmonster
ID: 9810644
sorry,  I just left the // in as this is within a page of code....


LVL 35

Expert Comment

by:TimYates
ID: 9811010
what is the problem with the code?  What does it do?