How to encrypt password using md5
Hello all,
I would like to generate a password and encrypt it using md5 with the current time(System's time) as the key, in Servlets.
How do i go about doing this?
Kindly guide.
regards
appu
>
I would like to generate a password and encrypt it
using md5 MD5 is a non-reversible hashing, not an encryption!
with the current time(System's time) as the
key, If you use the current system time as the key for any encryption algorithm then how are you going to know what system time to use to decrypt?
in Servlets.
How do i go about doing this?Read up on encryption, the JCE and Servlets.
Similar Messages
-
How to encrypte password using form 6i?
Dear all,
How to encrypte password using form 6i?
Best Regards,
Amy
Edited by: amychan60 on Sep 29, 2008 8:23 PMDBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT packages provide APIs for data encryption.
Note: 102902.1 - Encrypting Data using the DBMS_OBFUSCATION_TOOLKIT package
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=102902.1
Note: 197400.1 - Example Code Encrypting Credit Card Numbers
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=197400.1
Developing Applications Using Data Encryption
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/apdvncrp.htm -
How to encrypt password in Forms10g while calling in batch mode
We are migrating our Forms 6i batch jobs to Forms10g. There are two ways we can pass login
information.
1. In formsweb.cfg
2. Pass in URL string 'userid=username/password@connectstring'
In both cases the password is not secured. In option # 1 password is in the configuration file in plain text. In
second option # 2, its in the URL.
BTW, we are using HTTPS protocol while calling form in batch mode and we are not using SSO.
Is there a way, we can use data source in frmservlet while calling form in batch mode. Like in Java, we can create data source with indirect password, the password is encrypted.
Basically, we would like to encrypt our password, we have very strict security guidelines.
Please let us know if there are any options, how to encrypt password in Forms 10g
Regards,
GufranOne option maybe the following :
- Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
- As a parameter, pass the name of your file to the form
- when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
How to create an encrpyted file :
- use the obfuscation toolkit to encrypt username/password@instance into a varchar2
- write this value to a file using oracle forms (TEXT_IO)
FUNCTION f_encrypt_string(p_key IN VARCHAR2)
RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
l_data VARCHAR2(2000);
BEGIN
-- if neccessary create a text where the length of the string
-- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
key_string => 'MagicKey',
encrypted_string=> v_encrypt_string);
RETURN (v_encrypt_string);
END;
Edited by: user434854 on Apr 8, 2009 5:17 AM -
How to encrypt password with hash function in Java?
Hello, everybody!
I will need to store user passwords in a database, but for stronger security I want to store these passwords hashed, so I know I will need a column for the password and for the salt value.
So, I'd like that you indicate me a very good article or tutorial (preferable from Sun) that shows me how to use Java to encrypt and decrypt passwords with hash. It doesn't necessarily need to deal with database. I can implement this part myself after seeing how Java manage encryption with hash functions.
Thank you very much.
MarcosI will tell you more precisely what I want to get better for you to help me.
As I said I implemented in .NET what I need to implement in Java now. In my
database I have a table with this structure (I omitted that columns that are not
necessary to our discussion):
CREATE TABLE EMPLOYEES
ID NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(40), -- password encrypted
HASH_SALT VARCHAR(10) -- salt value used to encrypt password
So, in the table I have a column to store the password encrypted and a column to
store the salt value.
Below is a little utility class (in C#) that I use to generate the salt and
the hashed password.
public static class PasswordUtilities
public static string GenerateSalt()
RNGCryptoServiceProvider encoder = new RNGCryptoServiceProvider();
byte[] buffer = new byte[5];
encoder.GetBytes(buffer);
return Convert.ToBase64String(buffer);
public static string EncryptPassword(string password, string salt)
string encryptedPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(
password + salt, "SHA1");
return encryptedPassword;
}As you can see, the class is fairly simple. It only has two methods: one to
generate the salt value that will be used to encrypt the password and another
one to encrypt the password. The method HashPasswordForStoringInConfigFile of
the FormsAuthentication class is what really hash the password with the salt
value. This class belongs to the .NET library, so we can't see its source code,
but it doesn't matter for our discussion as I know that we can implement
something similar in Java.
Below is a little sample code showing the use of the utility class above to
encrypt a password.
public class Encrypt
public static void Main(string args[])
string password = "Secret";
string salt = PasswordUtilities.GenerateSalt();
string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
// now I store 'encryptedPassword' in the PASSWORD column and 'salt'
// in the HASH_SALT column in the EMPLOYEES table.
}To verify if a password is correct I can use the code below:
public class VerifyPassword
public static void Main(string args[])
string password = GetPasswordFromUser();
// Let's assume that employee is an instance that corresponds to a row
// in the database and the properties HashSalt and Password correspond
// to the HASH_SALT and PASSWORD columns respectively.
Employee employee = GetEmployeeFromDatabase(1);
string salt = employee.HashSalt;
string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
bool passwordMatch = employee.Password.Equals(encryptedPassword);
System.Console.WriteLine(passwordMatch);
}The only thing that interest me in this discussion is the PasswordUtilities class.
As you saw its code is in C#, using the .NET framework libraries.
What I want is to have this same little class coded in Java, to generate the salt
value and to encrypt the password passed in using salt value generated. If you could
help me to do that with articles that have what I want or with code that already do
that I would really appreciate.
Thank you in advance.
Marcos -
How to encrypt password columns
I would like to create a table to store the username and password for all my application users. There are a problem with password encryption. When I create a table as follows,
create table usrmas
(username varchar2(10),
passwd varchar2(20))
All password from the passwd column will be disclosed when somebody query the table. It is not secure. Right?
When I tried to use the table dba_users, for example, there are a user scott with password tiger, I am fail to find a record when I type a sql as follows,
select *
from dba_users
where username = 'SCOTT'
and password = 'TIGER'
Please advice me how I can authenticate user. ThanksIf you have a 10g database, it should be installed by default.
Note, however, that Oracle stores hashed passwords, not encrypted passwords, in the dba_users table. That's more secure since there is no decrypt method for a hashed value. With a hashed value, you can only check whether the user has provided the right password, you can't find out what the right password is.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC -
How to encrypt password field in JHS_USERS table?
Hi,
We have developed an application using Jdeveloper 10.1.3 and Jheadstart 10.1.3.2.52 version. we are using custom login module using oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule class.
We need to encrypt the password in the table JHS_USERS.
Please let us know the best way of doing it.
Thanks in advance.
Thanks & Regards,
Rama Krishna. PThanks Brent, for pointing my to dbms_crypto package, which seems to be the successor of dbms_obfuscation_toolkit that I was looking at.
I just jumped in in the middle of this thread, my specific requirements might differ from the topic starter's requirements.
Unencrypted storage of passwords in the JHS_USERS table is judged as very unsecure by the security officers that are auditing our application. Anybody with access to the table (DBAs, support engineers, developers, etc.) can read the passwords. As users tend to reuse passwords or password patterns across applications, this is a serious security issue that goes beyond the scope of just our application. So the requirements are: It should not be possible to retrieve a unencrypted password by means of a select statement on JHS_USERS table.
The solution we are heading for is:
- A stored function that generates an MD5-encrypted string for the password, based on the unencrypted password and username. (Using MD5-facilities of dbms_crypto or dbms_obfuscation_toolkit package.)
- Database triggers on JHS_USERS that converts unencrypted password when a user is created or password is changed. (Using the before mentioned stored function.)
- MD5 is a one-directioal encryption mechanism. So the stored passwords cannot be decrypted. This is exactly what we are looking for in terms of security. But I think it forces us to customize the authenticateUser method. That method compares the password entered in the logon page with the password retrieved from JHS_USERS. So just before that comparison, we have to convert the entered username/password combination to a MD5-string too. (Preferable by using the before mentioned stored function again, to be 100% sure that the same algoritm is applied.)
This solution seems to be quit simple and straight forward. However, before starting the implementation I am very curious for experiences (and drawbacks) with similar constructs.
Regards, Eric -
How to encrypt password in serverstopper class??
Hi,
I have configured the weblogic server as windows service and currently using boot identity file for username/pw to startup. To enable graceful shutdown of the server, i am using serverstopper class. But to facilitate changing of pw, i am reading the password from a property file in which the password is stored in plain text format. Is there a way to encrypt the password and configure serverstopper class to use the encrypted password or the serverstopper class can use boot identity file to shutdown? When i tried the serverstopper class without username/pw, i am not able to shutdown the service and getting anonymous user can't shutdown the service. Thanks in advance for your reply.
Thanks,
Kuppusamy.V.,Hi Kuppuswamy,
Here is the simple "WLST interpreter script", I didn't have time so tried to keep java code as simple as possible(didn't follow good coding practices :-( ). Before executing this java program you need to generate keys. Below is the procedure for that.
Assumption :-
BEA_HOME :- /usr/VASVijay/bea10mp1
WL_HOME :- BEA_HOME/wlserver_10.0
1) Go to WL_HOME/server/bin and set the environment by executing "setWLSEnv.sh".
2) Then execute below command which generate "userconfig" and "userkey" files in the directory you had execute this command
java weblogic.Admin -adminurl t3://adminserverl:port -username <adminusername> -password <adminpassword> -userconfigfile userconfig -userkeyfile userkey -STOREUSERCONFIG
This command prompts for "Y" or "N", select "Y", then creates two files "userconfig" and "userkey"
3) Validate above keys are correct, execute below command
java weblogic.Admin -adminurl t3://adminserverl:port -userconfigfile userconfig -userkeyfile userkey -GETSTATE
Above command should display "RUNNING".
4) Compile below java code and execute. Change the server name(VASMS1) in "shutdown('VASMS1','Server') according to your server name.
import java.util.*;
import weblogic.management.scripting.utils.WLSTInterpreter;
import org.python.util.InteractiveInterpreter;
public class VASServerShutdown
static InteractiveInterpreter interpreter = null;
VASServerShutdown()
interpreter = new WLSTInterpreter();
private static void connect()
StringBuffer buffer = new StringBuffer();
buffer.append("connect(userConfigFile='/usr/VASVijay/VASDomains/VASNewDomain/userconfig',userKeyFile='/usr/VASVijay/VASDomains/VAS
NewDomain/userkey',url='t3://localhost:8001') \n");
buffer.append("print(cmo)");
interpreter.exec(buffer.toString());
public static void serverShutdown()
StringBuffer buffer = new StringBuffer();
buffer.append("shutdown('VASMS1','Server')");
interpreter.exec(buffer.toString());
public static void main(String args[])
new VASServerShutdown();
connect();
serverShutdown();
Let me know if you have any issues or you require something additional.
Thanks.
Vijay Bheemineni.
Edited by: VAS Vijay Bheemineni on Nov 3, 2009 9:18 PM -
How to encrypt password in Sun ONE directory server?
Hi,
I'm trying to perform an update to a password field in Sun ONE directory server using JNDI, but the stored password does not get encrypted by the directory server. I've searched the forum, and only found examples on how to do so for Active Directory. Please help.
ThanksYou didn't make mention of setting up ssl on the server side, so search these boards for openssl. Some nice person uploaded an nice example of how do use openssl to do this.
To get the ssl certs for the solaris-client ssl authentication ( tls:simple ) to work you will need to use netscape to connect to the ssl port to get the right format. There are comments in that same doc on how to do that. -
How to validate password using LDAP using client script JSOM
Hi All,
I have a requirement in my sharepoint 2013 project. I need to force user to signature digitally by reentering his password so that the system will validate his user name and password. If its validated user can access that document.
For this, can we use any JSOM funnctions to access LDAP and validate the password ? Can anyone help with possible approaches I can take for achieving this functionality ?
Thanks in advance.
Regards
NimishaHi Nimisha,
Thanks. Got your requirement, if you validate user credentials using client side script, it can be security breach. Because the password can be accessible by other user.
I would suggest you to go with server side.
Still you would like to go with client side script please refer the below link
http://sharepoint.stackexchange.com/questions/79803/how-to-authenticate-user-in-sharepoint-online-using-javascript
Sekar - Our life is short, so help others to grow
Whenever you see a reply and if you think is helpful, click "Vote As Helpful"! And whenever you
see a reply being an answer to the question of the thread, click "Mark As Answer -
How to encrypt Password while calling Portal URL from Abap
Hi all,
My requirement is to call portal from R/3 4.6C. As part of it I'm calling Portal URL along with user id & Password by using the FM CALL_BROWSER. The problem here is User ID & Password are visible everyone in the URL.
Is there any way that I can encrypt sothat it doesn't become a security issue?
I really appreaciate for your help.
Thanks
Seshucan you please mention the abap code by which you are sending the username and password to a portal via url.....
are you able to log on to the portal...please share your code ......
Edited by: Ashutosh Shukla on Apr 18, 2008 9:17 AM -
How create encrypted/password-protected zip file?
Any idea if there's a way with the Java API to create an encrypted and password-protected ZIP file? I know how to create a zip file with Java, but I need encryption and password protection.
Thanks for the link, but that's not a solution. It's 3 years old (and still not resolved) and I'm looking for a Java solution.
-
How to encrypt password information in exp statement
Hi there,
I want to back up my database in full mode every night in the server.
To do that, I wrote a batch file which includes the following row.
exp system/pass@orcl file="C:\full.dmp" full=Y ....
And I put that batch file into scheduled tasks of windows.
But when I use this batch, anyone who access the server can easily learn the password of the system user.
Is there any way to encrypt this password information in batch ?
Any suggesstions ?
Thanks in Advance
OzerHi,
Ths is a funcion of the os not exp/imp. Some operation systems will hidethe argv list and some won't. You could put the username/password in a parfile, but then you would have to make sure your parfile is protected enough.
Dean -
How to encrypt password in oracle?
I've created a table to store usernames and passwords.
In Mysql,I can encrypt the password by sql like this:"insert into user(userid,passwd) values('test',password('test'));".
Is there any similar method in Oracle?
thanks.I'm using Oracle 8.0.5,and there's no package of DBMS_OBFUSCATION_TOOLKIT.
Maybe I should edit my own encrypt and decrypt fuction,as the example in ASKTOM(the link by Harold Bauer)
Anyway,thank all of you very much! -
How to encrypt data using DES in ABAP?
Hi Experts,
I need to do encryption/decryption between ABAP and JAVA.
Is there any function in ABAP world can do the DES or any other well known symmetrical encryption?
Thank you so much!
Best Regards,
Guo Guo QingA lot of SAP installations use Gnu-PGP for encryption.
When you have installed GPG software on your server and created the appropriate keys, you create an external command in SAP via SM69 to execute the GPG encryption command.
Finally, create a function module that builds the encryption command line as appropriate, then calls the external command defined in SM69.
GPG is free software licensed under the GNU General Public License umbrella, so won't cost you anything. See URL [http://www.gnupg.org] for full information and software download.
Regards,
D. -
How to encrypt data using GnuPg
Hello
I am unable do encryption using GPG public key encryption.
Can anyone help me in this.
THanks & RegardsA lot of SAP installations use Gnu-PGP for encryption.
When you have installed GPG software on your server and created the appropriate keys, you create an external command in SAP via SM69 to execute the GPG encryption command.
Finally, create a function module that builds the encryption command line as appropriate, then calls the external command defined in SM69.
GPG is free software licensed under the GNU General Public License umbrella, so won't cost you anything. See URL [http://www.gnupg.org] for full information and software download.
Regards,
D.
Maybe you are looking for
-
Pay Scale inrease - Custom Program
HI Guyz, A custom program is developed for the pay scale increase and it should be run on a regular basis as a background job to update the pay increase of the employees who have completed either 60 days or 6 months or 9 months from the hire or
-
Upgraded to 10.6.1.17 and now purchased songs skip
So I upgraded a couple days ago and have noticed that certain songs skip before the song is finished, anywhere from 60-20 seconds before the end of the song. The only songs I've noticed this on are purchased from the iTunes Store. Crossafde is off a
-
How do I see the source code in a Digital Edition doc?
First let me say that as an author, I'm a huGe fan of DRM and anything else that protects my ability to feed my family by allowing me to control who can sell my copyrighted works. But.....I'm creating a book that I hope will eventually be accessed th
-
Help! PHP Includes driving me crazy!
I thought I was beginning to get the hang of this, but things are beginning to behave in a strange manner. I made a navBar which came out looking more or less the way I wanted to which you can see here.. But in subsequent pages that I'm trying to cop
-
Event Notifications for Deadlock Graphs
So, I was trying to setup emailing of deadlock graphs using event notifications. I followed the information I found in Jonathon Kehayias PASS information, but it appears (and maybe I am wrong) that event notifications and queues only work on the data