How to hide user id and password in java
Hi, I have a j2ee application and somehow they need to know the weblogic system id and password in order for their application to work. We are the administrators and we normally do not tell this id and password.
Now, how can i suggest my application people to use an envrypted id and pass ....i do not know if boot.properties file could be used ?
this is the id and pass to logim to the weblogic console.
any suggestions please ?
With a good enough hash function, hashes are effectively unique.
Say I have a good hash function, H.
Say I have a user, Bob. His password is "bobrocks".
H("bobrocks") = 1B // in hex; really small hash, but this is an example.
So I store in my database (bob : 1B)
Bob wants to login. He types in his password, which I then hash. I compare this hash to the stored hash. They match, and Bob logs in. If you typed in "balogna", the hashes wouldn't match, and you would not log in.
Note that the password database stores 1B - from this hash, you can't tell what the password is. You can, however, tell if someone types in a password that matches it.
That's the simple version. I suggest you read some books, do some research, and ask some questions on the Cryptography forum to understand the whole thing.
~Cheers
Similar Messages
-
How to hide user id and password for auto login in Analyzer 6.5?
Could anyone tell me is it possible to hide the user id and password for auto login in Analyzer version 6.5 and how?Thanks in advance...
Sainath,
Referring admin guide as mentioned by Craig is good option.
Let me give you few steps that I did in one of my projects.
Open command prompt and navigate to the path "C:\Oracle\Middleware\EPMSystem11R1\products\DataRelationshipManagement\client\batch-client".. here you can see many see other utilities as well.
drm-batch-client-credentials.exe is the one used to encrypt the userid and password.
open this in command prompt and then choose the application to which you want to encrypt the password.
then remove userid and password from batch script then run it... it does what you want -
How to hide user id and password in batch scripts
Hi,
Can some one help me to hide the user id and password in batch scripts that used to automate Export and Action script execution process.
Context : In my project client doesn't want display user id and password hence they are looking for secured way to hide them.
Thanks for your answer in advance.
Regards,
Sainath.Sainath,
Referring admin guide as mentioned by Craig is good option.
Let me give you few steps that I did in one of my projects.
Open command prompt and navigate to the path "C:\Oracle\Middleware\EPMSystem11R1\products\DataRelationshipManagement\client\batch-client".. here you can see many see other utilities as well.
drm-batch-client-credentials.exe is the one used to encrypt the userid and password.
open this in command prompt and then choose the application to which you want to encrypt the password.
then remove userid and password from batch script then run it... it does what you want -
How to pass user name and password in openConnection method ?
Hi, Exports,
I am trying to post data from applet to another application which is
protected by network password.
How to pass user name and password when I use openConnection method? In java
doc, this method looks like do not accept these two parameters.
Thanks
----- my code in applet ---------
URL url = new URL("http://127.0.0.1/xml/index.cfm");
URLConnection connection = url.openConnection();
connection.setDoInput(true);
connection.setDoOutput(true);
connection.setUseCaches(false);
connection.setAllowUserInteraction(false);
DataOutputStream dos = new DataOutputStream(connection.getOutputStream());
dos.writeBytes("POST " + path + " HTTP/1.0\r\n");
dos.writeBytes("Referer: http://127.0.0.1/XML/index.cfm\r\n");
dos.writeBytes("Content-Type:
multipart/form-data;boundary=---------------------------7d0b414b04\r\n");
dos.writeBytes("Host: "+host+":"+port+"\r\n");
dos.writeBytes("Content-Length:" + buff.length()+"\r\n");
dos.writeBytes("Connection: Keep-Alive\r\n\n");
dos.writeBytes("-----------------------------7d0b414b04\r\nContent-Dispositi
on: form-data;name=\"xmlDoc\"\r\n\r\n");
dos.writeBytes(buff.toString());
dos.writeBytes("\r\n-----------------------------7d0b414b04--\r\n");
dos.close();
you need to negotiate Authentication in ur applet code...
For example:
If u r using Form based auth u need to send Post a request with j_user_name &
j_password to the action j_security_check. and when server returns back the
cookie
u need to hold it and pass that cookie to the each and every request made to the
protected application.
Basically u need to imitate the browser.
regards
aseem
David wrote:
> Hi, Exports,
>
> I am trying to post data from applet to another application which is
> protected by network password.
> How to pass user name and password when I use openConnection method? In java
> doc, this method looks like do not accept these two parameters.
>
> Thanks
>
> ----- my code in applet ---------
> URL url = new URL("http://127.0.0.1/xml/index.cfm");
> URLConnection connection = url.openConnection();
> connection.setDoInput(true);
> connection.setDoOutput(true);
> connection.setUseCaches(false);
> connection.setAllowUserInteraction(false);
> DataOutputStream dos = new DataOutputStream(connection.getOutputStream());
> dos.writeBytes("POST " + path + " HTTP/1.0\r\n");
> dos.writeBytes("Referer: http://127.0.0.1/XML/index.cfm\r\n");
> dos.writeBytes("Content-Type:
> multipart/form-data;boundary=---------------------------7d0b414b04\r\n");
> dos.writeBytes("Host: "+host+":"+port+"\r\n");
> dos.writeBytes("Content-Length:" + buff.length()+"\r\n");
> dos.writeBytes("Connection: Keep-Alive\r\n\n");
> dos.writeBytes("-----------------------------7d0b414b04\r\nContent-Dispositi
> on: form-data;name=\"xmlDoc\"\r\n\r\n");
> dos.writeBytes(buff.toString());
> dos.writeBytes("\r\n-----------------------------7d0b414b04--\r\n");
> dos.close();
>
> ------------------------------------------
-
How to validate user name and password in webdynpro.
Dear All,
Actually i have created login name and password in view, webdynpro and want to validate the user name and password but i am not finding proper code to how to validate user name and password.
Pl do the needful help.
Regards.
Tazeer.
Moderator Message: There is a seperate forum for WebDynpro. Please ask your question there.
Edited by: kishan P on Oct 5, 2010 1:08 PMHello, I don´t get you question. User authentication is ready out of the box in webdypro...
Regards Otto -
How to suffix user name and password remote pc in shutdown /s command
Hi,
We can shutdown a remote pc using " shutdown /s /m \\ipaddress " command, only if password of remote pc is stored in windows credential manager.
But how to add user name and password when i execute the command for example : when we map a share folder on our pc we use below command with user name and password
"net use * \\ipaddress\share password /user:username "
can we give user name and password of remote pc while we give shutdown command to turn off a remote pc (without adding user name and password to windows credentials).
Thanks in advance..........Hello Jayanth kundar,
Based on my test, I can use the command shutdown /s /m \\10.157.21.77 to shutdown the remote computer when the have the same username and password.
Do you mean that you want to add user name and password when you want to shutdown the remote computer?
I can't find a user name and password in Windows Credential Manager, please share us a screenshot.
Best regards,
Fangzhou CHEN
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
How to share user login and passwords between blog, forum and Dreamweaver?
I have a site created with Dreamweaver. I want to allow
visitors to create a username and password which will allow them to
post blog feedback to many pages on my site, post in a forum, and
provide their own comments into a database I can show the results
for on certain pages. The trick is I want this to all work with one
username and password so they don't have to use 3 different logins.
I'm not sure if this is too technical, but I thought I'd ask before
getting into it and realizing it won't work or I don't have a clue
what I'm doing.
I want to allow blog data to be added to a page with CSS
content by both admin and visitors (to create an active discussion
based on the data on that page). I've seen it on some sites, but
don't know how to do it myself:
http://www.joystiq.com/2008/05/19/ea-extends-take-two-purchase-offer-deadline-a-third-time /
I can see they are using Weblogs Inc. software, but it
appears the company only collaborates with people they see a fit
with.
I also want a forum and I know phpp is recommended. I like
the interface, but am unsure if the login data can be shared with a
blog.
Lastly, I wanted to allow users to write their own reviews
and then show the results and average them for display on the site.
I have read and know how to create the database for the site. I
just don't know how to share the usernames and password information
with the blog and forum.
Also, how do I force Dreamweaver to validate that the
usernames and passwords are exactly correct before letting people
post under that identity?
I'm loving Dreamweaver and making sites so far. Just trying
to take it to the next level.
Thanks very much!juxtafras wrote:
> I have a site created with Dreamweaver. I want to allow
visitors to create a
> username and password which will allow them to post blog
feedback to many pages
> on my site, post in a forum, and provide their own
comments into a database I
> can show the results for on certain pages. The trick is
I want this to all
> work with one username and password so they don't have
to use 3 different
> logins. I'm not sure if this is too technical, but I
thought I'd ask before
> getting into it and realizing it won't work or I don't
have a clue what I'm
> doing.
>
> I want to allow blog data to be added to a page with CSS
content by both admin
> and visitors (to create an active discussion based on
the data on that page).
> I've seen it on some sites, but don't know how to do it
myself:
>
>
http://www.joystiq.com/2008/05/19/ea-extends-take-two-purchase-offer-deadline-a-
> third-time/
>
> I can see they are using Weblogs Inc. software, but it
appears the company
> only collaborates with people they see a fit with.
>
> I also want a forum and I know phpp is recommended. I
like the interface, but
> am unsure if the login data can be shared with a blog.
>
> Lastly, I wanted to allow users to write their own
reviews and then show the
> results and average them for display on the site. I have
read and know how to
> create the database for the site. I just don't know how
to share the usernames
> and password information with the blog and forum.
>
> Also, how do I force Dreamweaver to validate that the
usernames and passwords
> are exactly correct before letting people post under
that identity?
>
> I'm loving Dreamweaver and making sites so far. Just
trying to take it to the
> next level.
>
> Thanks very much!
>
What you want is a CMS, but your not going to get one for
Dreamweaver,
well, not the kind you want. Something like Joomla can do
this, you can
add phpBB3 to it, and then using the JFusion extension allow
them to
share the user database, but I warn you now, its a steep
learning curve.
I ended up buying a book just to get to grips with the key
concepts.
Steve -
How to Assign User name and password to the login screen on button click without user type...
Hi,
My requirement is as follows,
I have three inputs which is User name, Password and URL. URL may be like anything like for example gmail,yahoo,hotmail like that.
No need to authenticate the URL. Just i want to place the credentials in User ID and Password controls.
On button click the URL should open in browser and the credentials should place in the controls in log in page.
How to achieve it. Ultimate thought is the user should know the "Password",only admin know the password.
Thanks & Regards
Poomani SankaranHello,
If URL's are internal (not third party) then you can do this by modifying both applications. If you are trying to do this with third party then you have to contact product owner. I don't think there is any code or solution for third party application where
you can set values of controls.
For internal URL's you can create custom web service and call this web service in both the applications. One to get value from first app and then second to set value in another app.
Hemendra:Yesterday is just a memory,Tomorrow we may never see<br/> Please remember to mark the replies as answers if they help and unmark them if they provide no help -
How to save user name and password on client tool
Hi,
In our landscape, few users are using webi rich client tool to work offline. They are entering login credentials manually everytime. Is there any way to save the user id and password, so that user can login without manually entering the login credentials everytime. Please find below my system details. Please anyone help is highly appreciated.
System Details:
Server: BOBI 4.1 SP2
Client tool : BOBI 4.1 SP2
Authentication type : Windows AD
Thanking you in anticipation
Obinna.Hello,
oh yes it is!
The Question is for which Front- Ends?
For the WRC you dont have to do anything as long as the Information under "System" is correct and "Windows AD" is selected under "Authentication. Leave "Username" and "Password" blank.
Just hit "OK" and you are logged in.
Regards
-Seb. -
Connecting to SMTP mail server using user name and password in java
Hi,
I am trying to send mail using SMTP server in java.
But my SMTP server only allows valid users to send mails. I need a way to pass my user name and password to my SMTP server.
How do I do this ?
Thank you
RameshI think the client is not able to do a HTTP POST
to the WLS server but it can do a HTTP GET.
I dont know why.
http://manojc.com
"Ganesh" <[email protected]> wrote in message
news:3eba91bc$[email protected]..
>
Hi,
I deployed a rpc web service using WLS 7.0 SP2 in HP-UX 11 environment.When I
invoke the web service through my browser (IE 6.0) using the web servicesurl,
it brings my service method correctly. From there, if I click the invokebutton
it asks me for a network user name and password under "weblogic" realm???If I
provide the admin user credentials (which I supplied while creating mydomain)
it is not accepting that it keeps popping up this network user passwordwindow
over and over. Not sure which username/password I have to provide here tosee
the result of my service.
If I try to invoke the web service through my client (static) I am gettinga connection
refused exception. I guess either way, I am not able to access my webservice.
In the attached file, I have cut and pasted the client stack trace as wellas
the server log trace from weblogic.
Any ideas would be highly appreciated.
Thanks,
Ganesh -
How to get user ID and password in ADF using code?
Hi,
I am using JDev 10.1.3.3 with BC. Security is in OID (user and password) / JAZN.
I am able to get the user ID, using getUserPrincipalName(),
but how to get the password?
I need to pass in a connection string to the Oracle Report Server to run a Oracle report.
Thanks,
JimYou can get the password by attributeBindings.getterMethodforPassword() where getter Method for Password field is created in your backing bean.
But there is no defined method like getUserPrincipalName() for getting Password. -
How to put user name and password
sir,
how to put username and password for clsco wap4410nRefer the link : http://www.cisco.com/c/dam/en/us/td/docs/wireless/access_point/csbap/wap4410n/quick_start/guide/WAP4410N_QuickStartv2.pdf
-
KEY MAP FILE - To hide user id and password
I have read all the documentation on hiding your connection details from the URL using the key map file, but I have a problem:
I have several reports which all use the same user id and connection string. So all I want in my key file is the connection string, but because I don't specify a report in the key file I get an error.
In my cgicmd.dat file I have the following:
MyKeyName: USERID=my_user/my_password@my_database
However when I call the reports from a URL like so:
http://my_server/reports/rwservlet?MyKeyName&report=my_report
I get the error saying that no report is specified on the command line. Surely I don't have to create a key map file entry for every single report with REPORT=report_name????
I have also tried this URL which also gives me the same error:
http://my_server/reports/rwservlet?report=my_report&cmdkey=MyKeyNameNr. 299696,
You are almost there. What you are looking for is a characters to put behind your key to enable that users specifies there parameters. In your case Reports name.
Please check cgicmd.dat for the correct characters. In the file there's lots of examples, so just search.
It might be ?* like
MyKeyName: USERID=my_user/my_password@my_database ?*
However, I'm not 100% sure on that and I don't have an environment right now to check. Please check the cgicmd.dat for the correct one, and then please update this thread.
Regards,
Martin Malmstrom -
How to get User Name and password to hyperion download center?
Do only users who buy hyperion products have to right to access the website?
Yes - you have to have purchased a product in order to download patches or new versions. Also, you have to pay maintenace in order to have access to new versions.This is not unusual for most software companies - some companies allow you to download a time-expiry trial of their software, but others required you to got through their sales channels in order to get an evaluation copy. Hyperion uses the latter approach.Regards,Jade-----------------------------------Jade ColeSenior Business Intelligence ConsultantClarity [email protected]
-
How can I hide the user name and password from the url address?
Good afternoon every body,
I have a form running with Oracle9i Developer Suite Release 2 and when I run the form on the web it shows the user name and password of my data base. Can anyone of you please help me to hide the user name and password, if there's any way of course?.
Thanks a lot!!.Luis,
Then, as inolau's notice, create logon screen (or use the default one) and force the users to logon at runtime. Do not pass username/password as parameters.
inolau,
True that if the connection is specified in the config it will be the same for everyone. However, every case is different. For example one of our apps gets S3 credentials (from non-Oracle S3) as session parameters. It uses this common db connection to validate some stuff with the database, read security definitions and then it re-connects the forms using the credentials.
Maybe you are looking for
-
I've recently changed my password on my e-mail account and now I can't share i photos instead I get a message The email server didn't recognize your username/password combination. How do I change it in i photo pls
-
AR Invoice Crystal Sub-report Editing
Hi experts, please i need a help on editing AR invoice crystal report version in SAP business one . i want to add some fields to the sub report named summary section. For this particular customer he or she wants to see the sum of the individual row
-
HT2736 How i can make a gift card code
How i can make a goft card code
-
ITunes sharing - using AirTunes and older Mac (Firewall)
iTunes lives on my 27" iMac and I would like share the library out to home computers. I plan to have an older iMac G4 publicly accessible so visitors can control the music on the home stereo. I can access iTunes via the iMac G4, I can get to my main
-
Kind of an odd question - I teach a database course and one of the questions I have on an assignment is to find the maximum length of a primary key, basically try to raise an 01450 error. I have an 8k db_block_size setup on the database so the maximu