Programming Tutorials

(追記) (追記ここまで)

Encrypting Passwords in Tomcat using Servlets

By: Sam Chen in JSP Tutorials on 2023年05月04日 [フレーム]

Encrypting passwords is an essential aspect of web application security. Here are the steps to encrypt passwords in Tomcat using Servlets:

Create a Java class that contains a method to encrypt a password. You can use any encryption algorithm like MD5, SHA-256, or BCrypt. Here is an example using BCrypt:

import org.mindrot.jbcrypt.BCrypt;
public class PasswordEncryptionUtil {
 public static String encryptPassword(String password) {
 return BCrypt.hashpw(password, BCrypt.gensalt());
 }
 public static boolean checkPassword(String password, String hashedPassword) {
 return BCrypt.checkpw(password, hashedPassword);
 }
}

In your Servlet, get the plain password from the user and call the encryptPassword method to encrypt it.

String plainPassword = request.getParameter("password");
String encryptedPassword = PasswordEncryptionUtil.encryptPassword(plainPassword);

Store the encrypted password in the database.

Connection conn = DriverManager.getConnection(url, username, password);
String sql = "INSERT INTO users (username, password) VALUES (?, ?)";
PreparedStatement stmt = conn.prepareStatement(sql);
stmt.setString(1, username);
stmt.setString(2, encryptedPassword);
stmt.executeUpdate();

When a user logs in, retrieve the encrypted password from the database and call the checkPassword method to verify the password.

String plainPassword = request.getParameter("password");
String hashedPassword = // retrieve hashed password from database using username
boolean isValid = PasswordEncryptionUtil.checkPassword(plainPassword, hashedPassword);
if (isValid) {
 // login successful
} else {
 // login failed
}

By following these steps, you can encrypt passwords in Tomcat using Servlets and enhance the security of your web application.

Previous
<< Steps to get a Free SSL certificate for your Tomcat

Next
Sending Email using JSP>>

(追記) (追記ここまで)