Results 1 to 7 of 7
  1. #1
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default password management

    1. I have created a table in oracle named 'rms.usrpass' that saves the passwords against each username. the passwords are saved as ""text""

    2. I have a different username password to access my oracle database.

    3. I have build and clean (on netbeans) the project the created .class files for all the source files.

    4. I deployed the application at the client site. i.e., the user has access to the class files only(from the jar file)

    5. next i opened the class file that contains the username password to access the oracle database in a HEX editor and got the this very username password from there.. i.e., now i can access the oracle (damn) using sqlplus or emc

    6. i accessed the database and found the username and password to the application..

    that was the whole story...

    I need suggestions for better password management.. please suggest.thnx
    The Quieter you become the more you are able to hear !

  2. #2
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,856
    Rep Power
    19

    Default

    You can either encypt the username and password in some form of setup file, which is read by the code (and decrypted), so the raw values aren't instantly visible, or you have to simply go via a web service/web site to gain access to the db.

    The latter would be my preferred choice since that way you can prevent any access to your db except via the service.

  3. #3
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default

    Quote Originally Posted by Tolls View Post
    or you have to simply go via a web service/web site to gain access to the db.
    .
    how can i do that??

    also where can i find the basics of encryption and de-cryption?
    The Quieter you become the more you are able to hear !

  4. #4
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default

    in some form of setup file
    wat do you mean by that?
    The Quieter you become the more you are able to hear !

  5. #5
    arun9683 is offline Member
    Join Date
    Jun 2010
    Location
    Bangalore,India
    Posts
    70
    Rep Power
    0

    Default

    there are many encryption/decription algorithms ..

    "SHA" is one of such algorithm..
    Arun K R,Bangalore,India
    :)

  6. #6
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,856
    Rep Power
    19

    Default

    Of course your key would need to be somewhere on the users machine...so it's realy not much (if at all) more secure than you currently have.

    If the logon data has to be on the users machine and someone wants to get at it they will.

    Which is why I suggest a web based access (or similar)...but you'll have to look into that yourself since it's too big a topic to try and explain on a website.

  7. #7
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default

    Quote Originally Posted by Tolls View Post
    .but you'll have to look into that yourself since it's too big a topic to try and explain on a website.
    Can you please suggest me where to start off.. i mean any links, books, etc..
    thnx
    The Quieter you become the more you are able to hear !

Similar Threads

  1. how to check password for 3 times enterd wrong password
    By sk.mahaboobbhasha@gmail.c in forum New To Java
    Replies: 2
    Last Post: 11-14-2008, 07:53 PM
  2. how to check password for 3 times enterd wrong password
    By sk.mahaboobbhasha@gmail.c in forum Java Servlet
    Replies: 0
    Last Post: 11-14-2008, 01:22 PM
  3. password ?!
    By jon80 in forum New To Java
    Replies: 9
    Last Post: 11-14-2008, 01:19 PM
  4. How to check password of a jsp/html with the password of Database(mysql) #1
    By sk.mahaboobbhasha@gmail.c in forum Java Servlet
    Replies: 2
    Last Post: 11-14-2008, 01:11 PM
  5. How to get password in SWT
    By Java Tip in forum SWT
    Replies: 0
    Last Post: 07-02-2008, 08:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •