Can an XML file be used for login purposes? I want to store the login ID and password in XML and retrieve them from a Java program to check whether what the user entered matches any of the data in the XML. In short, I want to use XML for authenticating a user.
- Are you using any framework like Spring, Struts, etc. for this? – Java Apr 02 '12 at 06:31
- No, I am using simple Java Swing – Poonam Hoshi Apr 02 '12 at 06:32
6 Answers
In order for your XML application to save passwords safely, you will need an encryption mechanism. BouncyCastle.org provides an open and free lightweight cryptography API for Java.
This way you can store an encrypted String for the password in your XML file. Use SAX and you are ready to develop.
The principle is pretty much the same as the /etc/passwd mechanism used traditionally in Unix systems for many years. You just use XML instead of a text file.
Your XML file will look like this:
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <!DOCTYPE users SYSTEM "users.dtd">
    <users>
        <user>
            <lastname>John</lastname>
            <firstname>Doe</firstname>
            <code>admin</code>
            <password>DREbKLT4rX3e4j+kh3AXNM0bkjw=</password>
            <role>Administrator</role>
        </user>
        ...
You can find a Java example here that shows how to use SAX with Java.
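The approach in the answer above (a SAX-parsed users file that holds only a derived value of each password, in the spirit of the Unix password file), as an added example that is not the answerer's code. It assumes the JDK's built-in PBKDF2 in place of Bouncy Castle, a constructed `salt:hash` layout inside `<password>`, a users file without a DOCTYPE, and the hypothetical class name `XmlLogin`.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.*;
import org.xml.sax.helpers.DefaultHandler;

public class XmlLogin {
    // Stored form is "salt:hash" (both Base64), one salted one-way value per user.
    static String encode(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256); // assumed cost setting
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return Base64.getEncoder().encodeToString(salt) + ":" + Base64.getEncoder().encodeToString(hash);
    }
    // SAX pass: maps each <code> (login id) to the <password> text of the same <user>.
    static Map<String, String> load(String xml) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        // Refuse DOCTYPE declarations so the user file cannot pull in external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Map<String, String> users = new HashMap<>();
        factory.newSAXParser().parse(new InputSource(new java.io.StringReader(xml)), new DefaultHandler() {
            final StringBuilder text = new StringBuilder(); String code;
            @Override public void startElement(String u, String l, String name, Attributes a) { text.setLength(0); }
            @Override public void characters(char[] ch, int start, int len) { text.append(ch, start, len); }
            @Override public void endElement(String u, String l, String name) {
                if (name.equals("code")) code = text.toString().trim();
                if (name.equals("password") && code != null) users.put(code, text.toString().trim());
                if (name.equals("user")) code = null; // a login id never carries over to the next <user>
            }
        });
        return users;
    }
    static boolean authenticate(Map<String, String> users, String id, char[] password) throws Exception {
        // Unknown ids are checked against a dummy record so they cost the same as known ones.
        String stored = users.getOrDefault(id, "AAAA:AAAA");
        byte[] salt = Base64.getDecoder().decode(stored.split(":")[0]);
        byte[] expected = encode(password, salt).getBytes("US-ASCII");
        return users.containsKey(id) && MessageDigest.isEqual(stored.getBytes("US-ASCII"), expected);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // enrolment: fresh random salt per user
        String xml = "<users><user><code>admin</code><password>" + encode("s3cret!".toCharArray(), salt)
            + "</password><role>Administrator</role></user></users>"; // constructed sample file
        Map<String, String> users = load(xml);
        System.out.println("correct password: " + authenticate(users, "admin", "s3cret!".toCharArray()));
        System.out.println("wrong password:   " + authenticate(users, "admin", "guess".toCharArray()));
    }
}
```

A file that keeps the `<!DOCTYPE ...>` line from the sample above is rejected by this parser configuration.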
Can you store credentials in a text file? Of course. Is it a good idea? Most likely not.
- I tried using XML through SAX and DOM parsers but I am unable to achieve it. Actually it's my project work and I have been told to use XML for login authentication, but I am not able to think of a way. – Poonam Hoshi Apr 02 '12 at 06:37
Storing plain passwords, or even encoded ones, and retrieving them via a non-secured protocol and encryption is a terrible, terrible idea. The closest thing I can think of is SAML. Even in SAML it's recommended that you:
- send the message through HTTPS,
- encrypt it,
- sign the XML and
- encrypt the NameID (frequently a combination of the user ID and a session ID or token, which should expire after a short amount of time).
Never, I repeat, never send the password. (Why do you need it anyway?)
If you wanna learn more about SAML in Java, I'd recommend using OpenSAML and/or Shibboleth. The SAML Specification is here.
I'd also recommend you take a look at the OWASP project, just so you can speed up on security stuff.
- Well, it's for my project and I have to make a demo. Actually I much preferred using MySQL, but my guide told me he doesn't want any database and to try using XML for that purpose. Actually I am at my wits' end. I tried many things but it still doesn't work. – Poonam Hoshi Apr 02 '12 at 06:47
I think this link will explain to you how to read data from XML. All you need to do is read the nodes and save them.