Home/ Questions/Q 849427
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T07:06:14+00:00

I use jsp and servlets in my web application. i need to store passwords

  • 0

I use jsp and servlets in my web application. i need to store passwords in the database. I found that hashing will be the best way to do that.
I used this code to do it.

                <%@page import="com.jSurvey.entity.*"    %>
    <%@page import="java.security.MessageDigest" %>
    <%@page import="java.security.NoSuchAlgorithmException" %>
    <%@page import="java.math.BigInteger" %>
    <%@page import="com.jSurvey.controller.*" %>
    <%@page import="sun.misc.BASE64Encoder" %>
    <%try {
                    String user = request.getParameter("Username");
                    String pass = request.getParameter("Password1");
                    String name = request.getParameter("Name");
                    String mail = request.getParameter("email");
                    String phone = request.getParameter("phone");
                    String add1 = request.getParameter("address1");
                    String add2 = request.getParameter("address2");
                    String country = request.getParameter("country");
                    Login login = new Login();
                    Account account = new Account();

                    login.setId(user);
                    login.setPassword(pass);
                    if (!(add1.equals(""))) {
                        account.setAddress1(add1);
                    }
                    if (!(add2.equals(""))) {
                        account.setAddress2(add2);
                    }
                    if (!(country.equals(""))) {
                        account.setCountry(country);
                    }
                    account.setId(user);
                    account.setMail_id(mail);
                    if (!(phone.equals(""))) {
                        account.setPhone_no(Long.parseLong(phone));
                    }
                    account.setName(name);
                    java.security.MessageDigest d = null;
                    d = java.security.MessageDigest.getInstance("SHA-1");
                    d.reset();
                    d.update(pass.getBytes("UTF-8"));
                    byte b[] = d.digest();
                    String tmp = (new BASE64Encoder()).encode(b);

                    account.setPassword(tmp);
                    account.setPrivilege(1);
                    LoginJpaController logcon = new LoginJpaController();
                    AccountJpaController acccon = new AccountJpaController();
                    logcon.create(login);
                    acccon.create(account);
                    session.setAttribute("user", user);
                    response.sendRedirect("dashboard.jsp");
                } catch (NumberFormatException ex) {
                    out.println("Invalid data");
                }
    %>

When i tried to print the value of tmp, i get some other value.i guess its the hash value of the password. But when i persist this data to the database the original password gets saved there other than the value in tmp..

I am using java derby as the database.

What is the problem???

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    1. Add salt. For example append the email to the password before hashing. This will prevent the usage of rainbow tables
    2. Make sure you use tmp in your INSERT query, rather than the original password.
    3. Don’t use BASE64Encoder. It is part of Sun’s internal libraries and is subject to change. Use commons-codec Base64
    • 0