How to store username and password in a secure way

Question

I am building an java web application that has to communicate with the active directory (AD) server and another web service (WS) server. Both AD & WS requires authentication using a same set of username and password. How should I store the username and password in a secure way?

I am currently thinking of storing the encrypted password in database, while the key stores in the web application which bundles in the .war file. Application server and database server are in different machines. Is it an appropriate way to accomplish this task? Please suggest if there is a better way to do this

Answer 1

尝试使用集中式用户身份验证作为服务，并使用Cookie来存储用户信息。

Answer 2

You can encode the pass words and username and store it in the place you want. And decode it after reading it. Fortunately for this work in my app I have created a library package having classes to encode and decode strings. You should provide me your email so that I can send the jar file to you.

To encode you can use similar codes to this one

 String encode(String s){
char[] ret=new char[s.length];
for(int i=0;i<s.length();i++)
{
 ret[i]=(char)((s.charAt(i)+23)*i+12);
 }
String encoded=new String(ret);
return encoded;
 }

You can write opposite to decode the encoded string. Don't copy it use your own algorithms

Answer 3

You can use MessageDigest class that supports cryptographic functions (MD5, for example) and use it to transfrom string password on the client to the byte array, and transfer it to the server. You don not need to hold the string on the server, and there will be only comparing of encoded byte arrays. Example:

String password = null;
byte[] encoded = null;
try {
    MessageDigest md = MessageDigest.getInstance("MD5");
    encoded = md.digest(password.getBytes("UTF-8"));
} 
catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
    e.printStackTrace();
}