path: root/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
Diffstat (limited to 'src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java')
-rw-r--r--src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java b/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
index 7f56c3e..a3b06e6 100644
--- a/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
+++ b/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
@@ -4,6 +4,7 @@ import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
@@ -68,9 +69,8 @@ public class LoginServlet extends HttpServlet
pw.println("<body>");
// This is very insecure and can be exploited via timing attacks
- if (requestUsername.equals(validUsername)
- && createSaltedPasswordHash(validPassword, salt)
- .equals(createSaltedPasswordHash(requestPassword, salt)))
+ if (requestUsername.equals(validUsername) && validPassword
+ .equals(createSaltedPasswordHash(requestPassword, salt)))
{
pw.println("<h1>Success</h1>");
request.getSession().setAttribute("loggedin", true);
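Review bot: The rewritten condition on the two `+` lines still compares the hashes with `String.equals`, which returns at the first differing character, so the comment directly above ("can be exploited via timing attacks") remains accurate after this commit. Use the constant-time primitive already imported in this file: `MessageDigest.isEqual(validPassword.getBytes(StandardCharsets.UTF_8), createSaltedPasswordHash(requestPassword, salt).getBytes(StandardCharsets.UTF_8))` (needs `java.nio.charset.StandardCharsets`). The `&&` short-circuit on `requestUsername.equals(validUsername)` also skips the hash computation entirely for unknown usernames, which likely makes valid usernames distinguishable by response time; computing the hash unconditionally and AND-ing both results would narrow that. `validPassword` now appears to hold the stored Base64 digest rather than a plaintext, but where it is assigned is outside this hunk and worth confirming.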
@@ -86,7 +86,7 @@ public class LoginServlet extends HttpServlet
}
/**
- * Generate a SHA-1 encoded password that is salted.
+ * Generate a Base64 encoded SHA-1 hashed password that is salted.
*
* @param password
* The password to encode.
@@ -110,7 +110,7 @@ public class LoginServlet extends HttpServlet
{
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update((password + salt).getBytes());
- return new String(md.digest());
+ return Base64.getEncoder().encodeToString(md.digest());
}
catch (NoSuchAlgorithmException e)
{
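Review bot: `(password + salt).getBytes()` on the context line above the change uses the platform default charset, so the same password and salt can produce different digests, and thus spurious login failures, across JVMs older than 18 or with differing `file.encoding`; make it `(password + salt).getBytes(StandardCharsets.UTF_8)`. Base64 is a real improvement over `new String(md.digest())`, which could silently replace undecodable bytes and collapse distinct digests, but a single salted SHA-1 round is still not a password hash; `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` is available in the JDK without new dependencies. The method signature and the remainder of the `catch` block lie outside this hunk.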