开发者

How to Encryption with JSF

i want encryption password from client side and server side , it means twice encrypted , i found on google snipped 开发者_开发百科code Javascript md5 but how can i do with JSF? in Server side i can do but, but in client side with JSF how do i ?

javascript md 5 : http://phpjs.org/functions/md5:469


MD5 is an one-way encryption. You can't decrypt it back to the original string. It does also not make sense to do this in the view side. If you're using a database to store the data and your intent is to hash the passwords in the DB, then rather do this in the DB side. A bit decent DB offers functions for this. It's unclear which DB you're using, but in case of among others MySQL it's simply called md5().

Rewrite your INSERT as follows:

String sql = "INSERT INTO user (username, password) VALUES (?, md5(?))";

And your SELECT as follows:

String sql = "SELECT * FROM user WHERE username = ? AND password = md5(?)";

If your sole functional requirement is to encrypt the data transferred over HTTP (that wasn't clear from your question at all), then have a look for HTTPS (HTTP using SSL). This is configureable at webserver level. Again, it's unclear which one you're using, but in case of for example Tomcat, you can find detail in this documentation.


Please - don't do this yourself. Use SSL. This should not be too complicated to set up in most application servers and servlet containers.


It's not quite clear what the motivation is for hashing the passwords with md5; if it is to prevent somebody intercepting the traffic to be able to use the password, then this approach won't help: an attacker could then just as well send the hashed password directly, as knowledge of the original password is not necessary anymore.

If you want to use this for authentication without transmitting a password, use digest authentication, based on challenge-response communication.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜