MigRome

Reputation: 1155

Working with password in Hibernate (for standalone applications)

I'm looking for best practices around how to deal with password fields in my Java standalone application (Netbeans+Spring+Hibernate+MySQL database+Swing).

1) I've created a table with a password column... so, which data type must this column be?
2) Which kind of algorithms for salting passwords do you recommend I follow and implement in my app?
3) Do you recommend saving the password as plain text or after it has been transformed according to the algorithm?
4) Sample code for this whole process

I hope we can help many other developers who must deal with Spring for standalone apps and with Hibernate on this kind of question.

Thanks in advance for any suggestions.

Upvotes: 2

Views: 1228

Answers (1)

Japan Trivedi

Reputation: 4483

You should never store the password as plain text in your application. It's not recommended for a highly secured application. You can use the PasswordEncoder provided by the Spring Framework itself to store the password in an encoded format in the database. You need to make the following settings in your applicationContext.xml file.

<security:authentication-manager>
    <security:authentication-provider>
        <!-- users-by-username-query must return username, password and enabled in that order -->
        <security:jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
                select emailid username, password, 'true' enabled from tbl_LoginDetails
                where emailid=?"
            authorities-by-username-query="
                select a.emailid username, b.authority from tbl_LoginDetails a, tbl_UserRoles b
                where a.userId=b.userId
                and a.emailid=?"/>
        <!-- the provider hashes the submitted password with this bean before comparing it to the stored value -->
        <security:password-encoder ref="passwordEncoder">
        </security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

<bean name="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"></bean>

At the time of user registration you need to encode the password yourself in the controller before storing it in the database, using the class ShaPasswordEncoder.

Hope this helps you.

Upvotes: 2
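The registration-time step the answer describes, as an added example that is not part of the original answer: it hashes with the same ShaPasswordEncoder class the XML bean uses (SHA-256 strength instead of the bean's default SHA-1) and adds the per-user random salt the question asks about. The class name PasswordService, the salt length and the iteration count are assumptions.

```java
import java.security.SecureRandom;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;

// Added example: hashing at registration plus a matching check, using the
// encoder class from the answer's passwordEncoder bean.
public class PasswordService {

    // Strength 256 selects SHA-256; the hex output is 64 characters long,
    // so a VARCHAR(64) password column holds the hash (the salt needs its own column).
    private final ShaPasswordEncoder encoder = new ShaPasswordEncoder(256);
    private final SecureRandom random = new SecureRandom();

    public PasswordService() {
        // Assumed value: repeated hashing makes offline guessing slower.
        encoder.setIterations(1000);
    }

    /** Fresh random salt per user, returned as hex so it can be stored as text. */
    public String newSalt() {
        byte[] bytes = new byte[16]; // assumed salt length
        random.nextBytes(bytes);
        StringBuilder hex = new StringBuilder();
        for (byte b : bytes) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Registration: persist only this value and the salt, never rawPassword. */
    public String hashForStorage(String rawPassword, String salt) {
        return encoder.encodePassword(rawPassword, salt);
    }

    /** Login check against the stored hash; the salt must be the one used at registration. */
    public boolean matches(String storedHash, String rawPassword, String salt) {
        return encoder.isPasswordValid(storedHash, rawPassword, salt);
    }

    public static void main(String[] args) {
        PasswordService service = new PasswordService();
        String salt = service.newSalt();
        String stored = service.hashForStorage("correct horse", salt); // value for tbl_LoginDetails.password
        System.out.println(service.matches(stored, "correct horse", salt));
        System.out.println(service.matches(stored, "wrong guess", salt));
    }
}
```

Because the answer's XML applies the encoder without any salt, the salt used here must also be given to the authentication provider (a `<security:salt-source>` element inside `password-encoder`) or login checks will fail. Note that ShaPasswordEncoder is deprecated in later Spring Security releases in favour of BCryptPasswordEncoder, which generates and stores its own salt.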
