I am doing a application that deals with where Users can login and see all the GIS Data (Global Information Systems )related to a particular Network .
This is of a normal domain ( I mean which doesn’t involve money)
My question is , when a user logins for at the Login Page ( I am planning to use base64.encode to make the password protected )
I have 3 questions with respect to the above
- Does using base64.encode is suitable here ??
-
When the User submits the User name and Password at the Login page , i am planning to use encrypt at the Servlet level (That is aftre reciving the password using
req.getparameter("password")static public char[] encode(byte[] data)
{}
Please tell me if this is right ??
- And where exactly i need to decrypt the password ?? ( That is do i need to store it in the database with the encrypted value and decrypt it in DAO Layer ??
Please tell me if this is right ??
There are two separate(ish) issues here; authentication and confidentiality. If you need confidentiality, go with HTTPS. Then you do not need to worry about transit-encryption and can just send everything in cleartext (as the SSL will perform full connection encryption for you).
As for password storage; you should never store a cleartext password anywhere. Always hash the password first (at the very least, look up password salting for a much stronger approach) and store the hashed values in the database. When a user sends their password, hash what they have sent and compare that against the value in the database, if they match, their password was correct.
If you don’t want to use SSL/HTTPS, then you are correct in your thinking that you need to avoid sending the password in cleartext. You can achieve this in a number of ways, most appropriate in my opinion would be Challenge-Response, wherein you send a random ‘nonce’ from the php in the login page, by generating a random string and echoing it into a javascript variable.
Then use javascript to compute;
Where hash is a secure hash function such as MD5 or SHA.
That way, on the server, you can authenticate the password without ever having the user send it in the clear. Do this by hashing the value you have stored in the database concatenated with the same nonce, and comparing it against the value sent by the user, if the values match, the password was correct.
The whole point of all this is to protect against Replay Attacks, by making sure that the user never sends the same login string to the server twice. An attacker can eavesdrop and record as many logins as they like, they will all be useless until the same nonce is used with the same user account. Avoiding that is simply a case of using a very large nonce.
Be warned, however, that this approach does not protect against Relay Attacks or Man-in-the-middle Attacks. These classes of attack require mutual authentication that can only be achieved via use of a third party, such as a Certification Authority, which brings us full circle back to SSL/HTTPS.