Case sensitivity in password validation in login form

Question

I have a login form, i am done with connecting to DB, everything works fine. I have a username = a and password = b in my DB. During login if i enter "B" in password, i am able to login, can some one help me out with validating that password field. Thx in advance. The JSP code is as follows:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

</head>
<body bgcolor="#FFCC66">
    <center>
        <h1>Login</h1>
    </center>
    <form action="CommonLog" method="post">
        <center>
            <table align="center">
                <tr>
                    <td><font style="font-size: 20px">Name</font></td>
                    <td><input type="text" name="name" style="width: 228px; height: 34px;"/></td>
                </tr>
                <tr>
                    <td><font style="font-size: 20px">Password</font></td>
                    <td><input type="password" name="pass" style="width: 229px; height: 36px"/></td>
                </tr>
                <tr>
                    <td>
                    <td><input type="submit" value="Login"
                        style="width: 88px; height: 41px; font-size: 15px" /></td>
                </tr>
            </table>
        </center>
    </form>
</body>
</html>

Answer 1

The case insensitivity is probably due to your database settings. If you're checking the password in SQL, then it is case insensitive by default. You could try using a case sensitive collation (assuming SQL Server here):

SELECT * from UserTable 
WHERE UserId = 'userid' 
  AND Password = 'b' COLLATE Latin1_General_CS_AS 

Storing passwords in clear text in a database isn't good practice, but that's a different issue.

Answer 2

I assume that your SQL SELECT statement is case-insensitive.

In MySQL for example, if your encoding is utf8-general_ci or similar, you match both b and B . If the encoding is utf8-bin , it matches only b .

Answer 3

Your Password matching criteria can be

sending the username and password to db directly and then matching your data or

retrieving data from the table completly and then matching data.

• if you're matching data in JAVA method then you can use equalsIgnoreCase
  it will remove case senstivity problem you are facing .

• 2nd thing you can use is binary operator in mysql Binary Operator comparision

• you can use COLLATE Case senstivity in search in mysql