How do I maintain username and password in database securely

How do I store user details like username and password? Is it normal that we store the data in a table, or are there any cases we should consider?
By [SeetaramRaoa] at [2007-11-27 1:01:49]
# 1

Well, as far as my experiences are concerned, people encrypt the password and store it inside the database (user login table), and there'd be an added option for the user to encrypt the password or not too... which I think is certainly a better practice.

So it adds one more boolean column in your login db table... :)

Hope that might help.. :)

REGARDS,

RaHuL

RahulSharnaa at 2007-7-11 23:36:46 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 2

You can use one-way encryption, like MD5, to encrypt the values and store them encrypted in the database. This is not highly needed for the username, but it is recommended for the password.

Here is a useful snippet to get the MD5 hash for the given string: http://balusc.xs4all.nl/srv/dev-jep-use.html#GenerateMD5Hash

When a user registers, let them choose a non-existing username and ask for the password twice. If the username does not exist in the database and the entered passwords are equal, then hash the password (and eventually the username) and save it to the database.

When a user logs in, hash the entered password and compare it with the stored hash in the database. If it is equal, then proceed with login.

BalusCa at 2007-7-11 23:36:46
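The registration and login flow described in the replies above, as an added example that is not part of the original thread: it swaps the MD5 mentioned there for PBKDF2-HMAC-SHA256 with a random per-user salt, because an unsalted fast hash is cheap to brute-force from a leaked table. The class name, the in-memory map standing in for the users table, and the iteration count are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStoreExample {
    // Assumed parameters for this example; tune the iteration count for your hardware.
    private static final int ITERATIONS = 210_000;
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;
    // Stand-in for the users table: username -> "iterations:salt:hash" (one text column).
    private final Map<String, String> users = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Registration: reject taken usernames and mismatched passwords, then store only salt and hash.
    public boolean register(String username, char[] password, char[] repeated) throws Exception {
        if (users.containsKey(username) || !Arrays.equals(password, repeated)) return false;
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        users.put(username, ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(password, salt, ITERATIONS)));
        return true;
    }

    // Login: recompute the hash with the stored salt and iteration count, compare in constant time.
    public boolean login(String username, char[] password) throws Exception {
        String record = users.get(username);
        if (record == null) return false;
        String[] parts = record.split(":");
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        return MessageDigest.isEqual(expected, pbkdf2(password, salt, Integer.parseInt(parts[0])));
    }

    public static void main(String[] args) throws Exception {
        PasswordStoreExample store = new PasswordStoreExample();
        char[] pw = "constructed-sample-pw".toCharArray(); // constructed sample input
        System.out.println("registered: " + store.register("alice", pw, pw.clone()));
        System.out.println("correct password: " + store.login("alice", pw));
        System.out.println("wrong password: " + store.login("alice", "guess".toCharArray()));
    }
}
```

Storing the iteration count next to the salt lets the cost be raised later without invalidating existing rows.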
# 3
Your database might have a built-in function for creating these hashes; then you can INSERT INTO users (username, password) VALUES (?, MD5(?))
_NetMackan_a at 2007-7-11 23:36:46
# 4
The encrypted password should be hard or impossible to decrypt. You have to reset the password if the user forgot it.
rym82a at 2007-7-11 23:36:46
# 5
Is that an issue then? Just write a form with a button "I lost my password" and then send a random password by mail and let the user change it afterwards. I should really wonder if you save passwords unencrypted in a database.
BalusCa at 2007-7-11 23:36:46