i am developing a web based forum for the student of agriculture university of my state.much like antionline(but on a small scale) as they don't have much funds i am doing it with just a team of two.
the logic is simple when u type the mydomain.com in browser u get a password prompt if u enter a valid id and password u are given access to disscussion forum.
everything has worked out fine i have developed it using JSP,servlets,java beans and xml.
i am validating password using simple jdbc(select password from usertable where userid="${param.userId}").
i was wondering whether it is a good idea to validate passwords in simple text(i gues the answer will always be no)what options do i have ok i can use HTTP based authentication ssl/tls but any other ways i wanted to know what mathods are used by majors web sites now a days.
i have also heard of a way to use xml in my code to secure password authentication is it a better way ?