Results 1 to 4 of 4

Thread: JAAS and secure data file

  1. 23-11-2009 #1
    KALIDA
    KALIDA is offline Member
    Join Date
    Aug 2009
    Posts
    51

    JAAS and secure data file

    I am developing a project and I am referring a java tutorial to edit the file SampleLoginModule.java so that it can read a file name and passwords of people securely. Now I want to retrieve the file name and password of users while respecting the confidentiality and integrity of the password stored in the file.

    My question is: What are the security mechanisms to implement to satisfy both the confidentiality and integrity of password?

    I thought to encrypt the file but I do not know whether to use in this case a symmetric or asymmetric encryption? And is that enough to satisfy all the requirements requested? It should certainly create a control file access in such a way that it can be deleted? What is the best way to do? Knowing I think that just restrict the access rights to the file is not secure optimal (well I know too!) Access? Maybe there are other ways to do it?
    Reply With Quote Reply With Quote
  2. 23-11-2009 #2
    kelfro
    kelfro is offline Member
    Join Date
    Apr 2008
    Posts
    2,005

    Re: JAAS and secure data file

    If you do not need to read the password, I think you should store only their signature (hash md5 example or by modifying to make it more difficult to break) as it does for many a website for example. After that if you want to read a password in the clear for example by giving back to the user than that will be more complex.
    Reply With Quote Reply With Quote
  3. 23-11-2009 #3
    CitricAcid
    CitricAcid is offline Member
    Join Date
    Nov 2008
    Posts
    1,022

    Re: JAAS and secure data file

    You certainly know the file /etc/passwd on Linux. It no longer stores passwords but only the hash of these. When the user enters a password, it computes its hash and compares it to that stored in the file.

    The hash algorithm is a one-way, we can not retrieve a password from its hash so we preserve the confidentiality of data. And it does not need it: if you forget the password, it generates a new one and offers the user the possibility to change it.
    Reply With Quote Reply With Quote
  4. 23-11-2009 #4
    $tatic
    $tatic is offline Member
    Join Date
    Nov 2008
    Posts
    1,221

    Re: JAAS and secure data file

    Hash algorithms are fundamental to many cryptographic applications. A cryptographic hash function has the property that it is computationally infeasible to find two distinct inputs that hash to the same value. Hash functions are commonly used with digital signatures and for data integrity. So you can implement .NET Framework's HashAlgorithm Class in your project.
    Reply With Quote Reply With Quote
« Multiple rows for same id on Oracle 10 | Creating object and server prices in JAVA »

Similar Threads

  1. Best way to secure sensitive data on your pc
    By Reuben 1 in forum Networking & Security
    Replies: 3
    Last Post: 06-06-2012, 05:59 PM
  2. Secure SDS DATA is fragmented
    By RastogiJI in forum Networking & Security
    Replies: 6
    Last Post: 24-12-2010, 08:08 AM
  3. Are Data Erasers actually secure?
    By Garonman in forum Windows Software
    Replies: 4
    Last Post: 08-12-2010, 10:41 AM
  4. Software for secure data recovery for windows
    By Esmel in forum Windows Software
    Replies: 4
    Last Post: 07-12-2010, 10:49 AM
  5. Fujitsu Secure USB - Protect Your Data
    By WaGoN in forum Portable Devices
    Replies: 1
    Last Post: 20-04-2009, 04:53 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1,713,415,704.13686 seconds with 16 queries