diff options
Diffstat (limited to 'src/de/fhswf/in/inf/fit/aufgabe6')
| -rw-r--r-- | src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java | 41 |
1 files changed, 1 insertions, 40 deletions
diff --git a/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java b/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java index a877dc2..e5611b8 100644 --- a/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java +++ b/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java @@ -1,9 +1,6 @@ package de.fhswf.in.inf.fit.aufgabe6; import java.io.IOException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Base64; import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; @@ -65,8 +62,7 @@ public class LoginServletWithJpaAndJsp extends HttpServlet emf.close(); // This is very insecure and can be exploited via timing attacks - if (account != null && account.getPassword().equals( - createSaltedPasswordHash(requestPassword, account.getSalt()))) + if (account != null && account.isPasswordCorrect(requestPassword)) { request.getSession().setAttribute("username", account.getUsername()); @@ -77,39 +73,4 @@ public class LoginServletWithJpaAndJsp extends HttpServlet doGet(request, response); } } - - /** - * Generate a Base64 encoded SHA-1 hashed password that is salted. - * - * @param password - * The password to encode. - * @param salt - * The salt for salting the password. - * @return The salted and encoded password hash. - */ - public static String createSaltedPasswordHash(String password, String salt) - { - if (password == null) - { - throw new IllegalArgumentException("Password can't be null"); - } - - if (salt == null) - { - throw new IllegalArgumentException("Salt can't be null"); - } - - try - { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - md.update((password + salt).getBytes()); - return Base64.getEncoder().encodeToString(md.digest()); - } - catch (NoSuchAlgorithmException e) - { - throw new IllegalStateException( - "SHA-1 for some reason is not supported.", e); - } - } - } |