Go Back   TechArena Community > Software > Software Development
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Reply
 
Thread Tools Search this Thread
  #1  
Old 23-11-2009
Member
 
Join Date: Aug 2009
Posts: 51
JAAS and secure data file

I am developing a project and I am referring a java tutorial to edit the file SampleLoginModule.java so that it can read a file name and passwords of people securely. Now I want to retrieve the file name and password of users while respecting the confidentiality and integrity of the password stored in the file.

My question is: What are the security mechanisms to implement to satisfy both the confidentiality and integrity of password?

I thought to encrypt the file but I do not know whether to use in this case a symmetric or asymmetric encryption? And is that enough to satisfy all the requirements requested? It should certainly create a control file access in such a way that it can be deleted? What is the best way to do? Knowing I think that just restrict the access rights to the file is not secure optimal (well I know too!) Access? Maybe there are other ways to do it?
Reply With Quote
  #2  
Old 23-11-2009
Member
 
Join Date: Apr 2008
Posts: 2,001
Re: JAAS and secure data file

If you do not need to read the password, I think you should store only their signature (hash md5 example or by modifying to make it more difficult to break) as it does for many a website for example. After that if you want to read a password in the clear for example by giving back to the user than that will be more complex.
Reply With Quote
  #3  
Old 23-11-2009
Member
 
Join Date: Nov 2008
Posts: 1,022
Re: JAAS and secure data file

You certainly know the file /etc/passwd on Linux. It no longer stores passwords but only the hash of these. When the user enters a password, it computes its hash and compares it to that stored in the file.

The hash algorithm is a one-way, we can not retrieve a password from its hash so we preserve the confidentiality of data. And it does not need it: if you forget the password, it generates a new one and offers the user the possibility to change it.
Reply With Quote
  #4  
Old 23-11-2009
Member
 
Join Date: Nov 2008
Posts: 1,221
Re: JAAS and secure data file

Hash algorithms are fundamental to many cryptographic applications. A cryptographic hash function has the property that it is computationally infeasible to find two distinct inputs that hash to the same value. Hash functions are commonly used with digital signatures and for data integrity. So you can implement .NET Framework's HashAlgorithm Class in your project.
Reply With Quote
Reply

  TechArena Community > Software > Software Development
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "JAAS and secure data file"
Thread Thread Starter Forum Replies Last Post
Best way to secure sensitive data on your pc Reuben 1 Networking & Security 3 06-06-2012 05:59 PM
Secure SDS DATA is fragmented RastogiJI Networking & Security 6 24-12-2010 08:08 AM
Are Data Erasers actually secure? Garonman Windows Software 4 08-12-2010 10:41 AM
Software for secure data recovery for windows Esmel Windows Software 4 07-12-2010 10:49 AM
Fujitsu Secure USB - Protect Your Data WaGoN Portable Devices 1 20-04-2009 04:53 PM


All times are GMT +5.5. The time now is 09:49 AM.