0

Currently, I am using java.util.Base64 for encoding and decoding password in java for the USER role.

As I am using java.util.Base64 for user role my requirement is to use other password encoding and decoding for ADMIN role so that by using the database if anyone replaces the USER password to ADMIN password and try to log in for ADMIN they should not get ADMIN access.

So is there any other way in java which supports encoding and decoding string in Java?

stackUser
  • 545
  • 3
  • 9
  • 21
  • https://stackoverflow.com/questions/23561104/how-to-encrypt-and-decrypt-string-with-my-passphrase-in-java-pc-not-mobile-plat – HoangHieu Jan 23 '19 at 09:18
  • 1
    Beware that Base64 is **not** encryption and that storing passwords with Base64 does not provide you with any security at all - it's just as secure as storing passwords in plaintext. – Jesper Jan 23 '19 at 09:19
  • Do you mean you currently identify users by password and not by id/username? – jhamon Jan 23 '19 at 09:22
  • Or you can use password of Admin to decode your user role string: https://gist.github.com/SimoneStefani/99052e8ce0550eb7725ca8681e4225c5 – HoangHieu Jan 23 '19 at 09:22
  • @jhamon No. I am using both username and password to identify users. Username is not encoded in the database so everyone can see the admin username and by using their own password that is changed in the ADMIN password column they can log in for ADMIN. – stackUser Jan 23 '19 at 09:29
  • 1
    There are many concerns on your application security. You need more than a base64 encoding to secure the passwords in the database. Currently, it's like you are turning a word from english to spanish and hope people won't understand it. And it seems strange users can get access to the full database table. – jhamon Jan 23 '19 at 09:37

0 Answers0