Originally posted here by stonee
A few weeks ago I wrote my first servlet that contained a primitive login system. The system simply took the password field, sent it across the network, and compared it to an encrypted file stored on the server. (This is obviously insecure...)

I see that the code you have written is more interesting. It provides greater security since the password is encrypted before it is sent over. However, I was wondering: does this script protect the user from a keylogger? I am thinking that the answer is no.

What needs to be done in order to prevent key logging? Is this even possible?
Yes, it is, e.g. by creating an optional on-line keyboard on the authentication page!
The user will type the password by clicking his mouse on the keyboard! - that minimizes the chances of your input being hooked!