Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: Javascript Java Encryption , +
Hello Friends,
 
I have a web aplication with JSP pages and servlets.
 
I have a jsp page with a form with a password input, but when I clicked in the form button I send
the form elements in javascript function that open a new window calling a servlet.
 
the javascript function that open a new window, send the parameters to the servlet, but this parameters can be view in the navigation bar including the password.
 
I use an MD5 javacript function to encrypt my password and sending it to the sevlet, but I dont know how I recover my password from the servlet side. Because I encrypt my password from javascript side, but how I recover my password from my servlet side???
 
the md5 encrypt function (javascript) is form a md5.js library that I download from internet.
 
Please Anyone can help me??
 
Thanks in advance
Att:
Leonardo Ayala R.
Posted 30-Jun-13 19:09pm
Edited 30-Jun-13 19:32pm
v2
Comments
H.Brydon at 1-Jul-13 0:37am
   
I don't have a good answer for you but you shouldn't be using MD5 for new code any more. MD5 encryption has been broken now for more than 15 years.
Sergey Alexandrovich Kryukov at 1-Jul-13 0:46am
   
That's correct, but this "broken" could potentially serve as the answer to the problem... if it could make any sense: cryptographic hash function is supposed to be bot reversible. And I cannot see the ways where reversing of hash could be legitimate.
—SA
Sergey Alexandrovich Kryukov at 1-Jul-13 0:53am
   
Anyway, I provided a more detailed answer, please see.
—SA
leocode7 at 1-Jul-13 1:15am
   
I understand you, you have the reason, but please give me another alternative to send my password parameters in a safely mode, because it can be viewed in the navigation bar in my new window that is was opened. (I used the post method, but the url is visible because I opening in a new window, I need to hide my parameters anyway) please help me.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Nobody is supposed to "recover a password", otherwise it would defeat one of the most important properties of the passwords. Passwords should not be recoverable, ever. If a password is lost, a brand new one should be created. I would say, the major purpose of password recovery would be committing a crime. Passwords in their original form is never needed for authentication. Also, passwords are never stored anywhere, but the cryptographic hash of a password can be stored with reasonable security.
 
Please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].
 
Please also see the discussion in the comments to the question. H. Brydon is right: MD5 should never be used for security purposes.
 
—SA
  Permalink  
Comments
leocode7 at 1-Jul-13 1:16am
   
I understand you, you have the reason, but please give me another alternative to send my password parameters in a safely mode, because it can be viewed in the navigation bar in my new window that is was opened. (I used the post method, but the url is visible because I opening in a new window, I need to hide my parameters anyway) please help me.
Sergey Alexandrovich Kryukov at 1-Jul-13 1:32am
   
Alternative to what? You need to describe your settings and the problem. Basically, you should use the hash from SHA-2 family and HTTPS...
—SA
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

OK, view video tutotial
http://youtu.be/2O6m1568YBM[^]
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 6,045
1 DamithSL 4,601
2 Maciej Los 4,087
3 Kornfeld Eliyahu Peter 3,480
4 Sergey Alexandrovich Kryukov 3,260


Advertise | Privacy | Mobile
Web04 | 2.8.141220.1 | Last Updated 1 Jul 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100