Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Using Java to Encrypt Passwords

By Les Smith,

Using Java to Encrypt Passwords

  • A set of Java classes for encrypting passwords
  • Uses the powerful java Cryptography API
  • Need to download JCE 1.2 from http://www.javasoft.com
    • Then make sure that you have placed jce1_2-do.jar in the CLASSPATH. You can decompress the jar, but then it expands into multiple paths and you have more configuration work to do. So just add the jar file to the CLASSPATH. The CLASSPATH can be changed in System/Environment tab in the Control Panel.
  • If you need a COM dll then use Visual J++ to put a COM wrapper around them. After you have created a COM object you can use an SQL Server stored procedure or an ASP page to invoke it.
  • Enciphering and ciphering data depend on having a key. If you change the key then all your passwords will not work. Also if someone can get your key they can get all your passwords. So the table or file holding the key must be guarded with extreme care.
  • The connection is made using the ODBC-JDBC Bridge, since this is the most available driver. However, for any real java database work you will need a commercial JDBC driver such as WebLogic.
    • Please make sure that your ODBC connection has the following unchecked: "Use ANSI nulls,padding and warning". If it is checked then you will have a string with nulls appended to the size of the VARCHAR.
  • The passwordSecure.java creates a command line program with a sampler of the methods available. Normally the calling program would have a web interface, but it is simpler to present it this way.
  • If you have further questions please contact me at Les Smith/FONT>
  • The classes:
    • GetConnection.java used for connecting to the database
    • GenKeys.java: used for generating a key. You need to run at least once. If you run again you invalidate existing passwords.
    • Encrypt.java: used to encrypt a string using the generated key
    • PasswordSecure.java: a calling class. Calls encrypt or decrypt. Example: java passwordSecure les test. Argument 0 is the login name. Argument 1 is the password.


Return to Les Smith's Home

 

Total article views: 13388 | Views in the last 30 days: 6
 
Related Articles
FORUM

Password encryption-decryption logic in SQL Server 2005

I have passed the encrypted password in the connection string from my VB or VB.Net code.How to tackl...

FORUM

Password Encryption in SQl SERVER 2005

Password Encryption in SQl SERVER 2005

FORUM

DTS to SSIS 2005 migration - password encryption - DTEXEC

DTS to SSIS 2005 migration - password encryption - DTEXEC

FORUM

Automated SQL Installer - encrypt password in template ini file

Automated SQL Installer - encrypt password in template ini file

FORUM

Encrypt connection to SQL Server 2005

Encrypt connection to SQL Server 2005

Tags
advanced querying    
security    
sql server 7    
t-sql    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones