Re: Testing a password
Posted by Chris Mawata on Apr 09, 2010; 6:30pm
URL: http://imagej.273.s1.nabble.com/Testing-a-password-tp3688636p3688642.html
Why keep the actual password at all? Use **java.security.MessageDigest**
to create a hash, e.g. MD5.
When you get the user's password you encrypt that and see if it comes to
the same hash.
Chris Mawata
Gabriel Landini wrote:
> On Wednesday 07 April 2010, you wrote:
>
>> I did not want to comment on that, actually as a minimum I would recommend
>> some simple "garbling" of the stored password with some secret "constant" to
>> avoid that the password will directly stand out in any text dump of the
>> class file.
>>
>
> I was thinking of the risk of somebody using a decompiler that will retrieve
> some version of the code. In that case any procedural garbling of the string
> would be retrievable as well.
> Cheers
>
> G.
>
>
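
The hash-and-compare check suggested in the post above, as an added example that is not part of the original thread: `digest` follows the post's `MessageDigest`/MD5 suggestion, and `pbkdf2` goes beyond it with a salted, iterated derivation from the standard Java crypto API. The class name, sample password and iteration count are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheck {
    // Approach from the post: store only a digest of the password.
    // Unsalted and fast: identical passwords always give identical stored values.
    static byte[] digest(String password) throws Exception {
        return MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Salted, iterated variant: the stored value differs per salt, and every
    // guess against it costs ITERATIONS HMAC-SHA256 computations.
    static final int ITERATIONS = 210_000; // assumed work factor, tune for your hardware

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the spec
        }
    }

    public static void main(String[] args) throws Exception {
        String chosen = "correct horse battery staple"; // constructed sample password

        // Setup: the values that would be stored in place of the password itself.
        byte[] storedDigest = digest(chosen);
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // the salt is stored next to storedKey
        byte[] storedKey = pbkdf2(chosen.toCharArray(), salt);

        // Check: hash the candidate the same way and compare the bytes.
        // MessageDigest.isEqual does not stop at the first differing byte.
        for (String attempt : new String[] {"wrong guess", chosen}) {
            boolean plain = MessageDigest.isEqual(storedDigest, digest(attempt));
            boolean salted = MessageDigest.isEqual(storedKey, pbkdf2(attempt.toCharArray(), salt));
            System.out.println(attempt + " -> digest match=" + plain + ", pbkdf2 match=" + salted);
        }
    }
}
```

With either variant, a decompiled class file yields only the stored bytes, so what protects the password is how expensive it is to guess inputs that reproduce them.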