Hello Friends,

I have a web application with JSP pages and servlets.

I have a JSP page with a form with a password input, but when I click the form button I send the form elements to a JavaScript function that opens a new window calling a servlet.

The JavaScript function that opens the new window sends the parameters to the servlet, but these parameters can be viewed in the navigation bar, including the password.

I use an MD5 JavaScript function to encrypt my password and send it to the servlet, but I don't know how to recover my password on the servlet side. Because I encrypt my password on the JavaScript side, but how do I recover my password on my servlet side?

The MD5 encrypt function (JavaScript) is from an md5.js library that I downloaded from the internet.

Please, can anyone help me?

Thanks in advance
Sincerely,
Leonardo Ayala R.
Posted 30-Jun-13 19:09pm
Edited 30-Jun-13 19:32pm
Rohan Leuva114.7K
v2
Comments
H.Brydon 1-Jul-13 0:37am
   
I don't have a good answer for you but you shouldn't be using MD5 for new code any more. MD5 encryption has been broken now for more than 15 years.
   
That's correct, but this "broken" could potentially serve as the answer to the problem... if it could make any sense: a cryptographic hash function is supposed to be not reversible. And I cannot see any way in which reversing a hash could be legitimate.
—SA
   
Anyway, I provided a more detailed answer, please see.
—SA
leocode7 1-Jul-13 1:15am
   
I understand you, you are right, but please give me another alternative to send my password parameters in a safe way, because they can be viewed in the navigation bar in the new window that was opened. (I used the POST method, but the URL is visible because I am opening it in a new window; I need to hide my parameters anyway.) Please help me.

Solution 2

Nobody is supposed to "recover a password", otherwise it would defeat one of the most important properties of the passwords. Passwords should not be recoverable, ever. If a password is lost, a brand new one should be created. I would say, the major purpose of password recovery would be committing a crime. Passwords in their original form are never needed for authentication. Also, passwords are never stored anywhere, but the cryptographic hash of a password can be stored with reasonable security.

Please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it,
Decryption of Encrypted Password,
storing password value int sql server with secure way.

Please also see the discussion in the comments to the question. H. Brydon is right: MD5 should never be used for security purposes.

—SA
Comments
leocode7 1-Jul-13 1:16am
   
I understand you, you are right, but please give me another alternative to send my password parameters in a safe way, because they can be viewed in the navigation bar in the new window that was opened. (I used the POST method, but the URL is visible because I am opening it in a new window; I need to hide my parameters anyway.) Please help me.
   
Alternative to what? You need to describe your settings and the problem. Basically, you should use a hash from the SHA-2 family and HTTPS...
—SA
CPallini 23-Oct-15 2:31am
   
5.
   
Thank you, Carlo.
—SA
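
The approach described in the solution and its comments (keep only a hash, never recover the password, use the SHA-2 family), as an added Java example that is not part of the original thread. The class and method names and the iteration count are assumptions, and it uses PBKDF2 with HMAC-SHA-256 (a salted, iterated construction built on SHA-2) rather than a single bare SHA-2 digest.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example (hypothetical names): the server keeps only a salt and a derived
// hash, and checks a login by re-deriving the hash and comparing the two.
public class PasswordCheck {
    private static final int ITERATIONS = 210_000; // assumed work factor, tune for your hardware
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;

    // Derive the stored value with PBKDF2-HMAC-SHA256.
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy held inside the key spec
        }
    }

    // Registration: returns {salt, hash}; the password itself is never stored.
    static byte[][] enroll(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt per account
        return new byte[][] { salt, derive(password, salt) };
    }

    // Login: hash what the servlet received in the POST body over HTTPS and compare.
    static boolean verify(char[] submitted, byte[] salt, byte[] storedHash)
            throws GeneralSecurityException {
        byte[] candidate = derive(submitted, salt);
        try {
            return MessageDigest.isEqual(candidate, storedHash); // constant-time comparison
        } finally {
            Arrays.fill(candidate, (byte) 0);
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[][] record = enroll("correct horse".toCharArray()); // constructed sample password
        System.out.println(verify("correct horse".toCharArray(), record[0], record[1]));
        System.out.println(verify("wrong guess".toCharArray(), record[0], record[1]));
    }
}
```

Nothing in this flow needs the original password back: the servlet only ever answers whether the submitted value derives to the stored hash.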

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
