password authentication

Thread: password authentication

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    password authentication

    I am developing a web-based forum for the students of the agriculture university of my state, much like AntiOnline (but on a small scale). As they don't have much funds, I am doing it with just a team of two.
    The logic is simple: when you type mydomain.com in the browser you get a password prompt; if you enter a valid ID and password you are given access to the discussion forum.

    Everything has worked out fine. I have developed it using JSP, servlets, Java beans and XML.
    I am validating the password using simple JDBC (select password from usertable where userid="${param.userId}").

    I was wondering whether it is a good idea to validate passwords in simple text (I guess the answer will always be no). What options do I have? OK, I can use HTTP based authentication, SSL/TLS, but any other ways? I wanted to know what methods are used by major web sites nowadays.
    I have also heard of a way to use XML in my code to secure password authentication. Is it a better way?
    nobody is perfect i am nobody

  2. #2
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    why not look at htaccess?
    http://searchnetworking.techtarget.c...214573,00.html

    or why not just use phpbb, I believe that is what this forum is based off of. it will give you all the forum capabilities and have authentication built in
    http://www.phpbb.com/
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click here

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: password authentication

    Originally posted here by littlenick
    I am validating the password using simple JDBC (select password from usertable where userid="${param.userId}").
    Not sure, I know next to nothing about JSP/jdbc but it looks like you're vulnerable to an SQL injection.

    What happens when someone enters a" or 1=1 -- as a username?
    Oliver's Law:
    Experience is something you don't get until just after you need it.
