3 Replies Latest reply on Jun 8, 2010 9:53 PM by kapitanpetko

Help required in displaying the encrypted field

anitha.nagani.raj.gmail.com Jun 8, 2010 3:03 AM

Hi all,

I have developed an application using seam gen. I have a table called 'device' in my application which has a column named 'password'. The user should enter the password and the entered password should be encrypted and saved in the database. I'm successful in doing this. The entered password is getting stored in the database as an encrypted string. I have used DES algorithm to accomplish this task.

Now the problem is in displaying the password with original string. When the view link is clicked the encrypted password should get decrypted and it should be shown as a normal string. I even have the code to perform decryption but the problem is I'm not getting to know where should i call this decrypt method in devicehome.java file.

Please help

1. Re: Help required in displaying the encrypted field

kapitanpetko Jun 8, 2010 5:17 AM (in response to anitha.nagani.raj.gmail.com)

Encrypting passwords is generally a bad idea. So is DES. I assume your key is stored in a file or hardcoded in your app, this provides very little security, just the illusion of such. You are probably required to do so, I guess, but still. Do consider at least a longer key (3DES) or a more modern encryption algorithm AES.

That said, add a transient property to your entity and set the decrypted password there.
Actions
2. Re: Help required in displaying the encrypted field

anitha.nagani.raj.gmail.com Jun 8, 2010 6:10 AM (in response to anitha.nagani.raj.gmail.com)

Hi Nikolay,

Thanks for replying.

I already have getter and setter methods for the property 'password' in the entity.java file. So is it enough if i just add @Transient annotation above the getter method or should i do anything more? Please explain me in detail.
Actions
3. Re: Help required in displaying the encrypted field

kapitanpetko Jun 8, 2010 9:53 PM (in response to anitha.nagani.raj.gmail.com)
Add @Transient get/setDecryptedPassword() to your entity. Than do something like this after you fetch from DB and before displaying:

String decryptedPass = DesDecryptor.decrypt(device.getPassword()); device.setDecryptedPassword(decrytpedPass);

After this, you can display the decryptedPassword property.

HTH
Actions

Go to original post