How to... garble a User's password
Description:
To provide password security in transactions of User data, the password of a User should be garbled. For this purpose the framework provides the interface users.PassWDGarbler, which is implemented by the static User.DEFAULT_PASSWORD_GARBLER. That implementation is quite simple and not to be used in real life: it takes the input String, performs a one-complement and adds 7 for each byte in the String. You are free to define your own password garbler and use it.
To get hold of the garbler, you may use the static field or the static method User.getGlobalPassWDGarbler, which returns the DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also used when the static method User.garblePassWD(String pwd) is called.
As you can see, there are many ways to garble a password. There is also a method to set a user's password: setPassWd(String pwd). It sets the password as is, which means you have to garble it first if you want it to be garbled. Remember, there is no way to retrieve a password once it has been set; you can only check whether a certain String equals the password, again as is. A garbled password therefore has to be compared to a garbled String by isPassWd(String query) of the User you are checking.
The password check is performed automatically by the LogOnForm users.stdforms.LogOnForm using the global password garbler. If needed, you may redefine its ok() method. For more information on the LogOnForm, please refer to "How to use a LogOnForm".
ToDo's:
- Garble the password
- Add the password to the user
Uses:
User PassWDGarbler
import sale.*;
import users.*;

public class VideoMachine extends Shop {

    // attributes of the Shop
    private static UserManager usermanager;

    public VideoMachine() {
        super();
        // constructor of the Shop -> instantiate the usermanager
        usermanager = new UserManager();
        // make usermanager the global UserManager so it can be reached by calling UserManager.getGlobalUM()
        UserManager.setGlobalUM(usermanager);
    }

    // a method to initialize the users of the Shop
    public static void init() {
        // create a simple User as an example, calling him MasterUser
        // (Customer is assumed to be the application's own subclass of User)
        Customer mu = new Customer("MasterUser");
        //...
        // here we set the user's password during initialization.
        // this should happen in a dialog and not be written down
        // in any part of the source code!

        // ToDo 1: first we garble it, using the global password garbler
        // (the default garbler unless another one has been set)
        String pwd = User.garblePassWD("master");

        // ToDo 2: then we set it to the user
        mu.setPassWd(pwd);
        // add the MasterUser to the UserManager
        usermanager.addUser(mu);
        //...
    }
}
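The description notes that the default garbler is not meant for real use and that you may define your own; the following is an added example of such a garbler, not code from the framework or from this page. Because isPassWd compares strings as is, the garbler must return the same output for the same input, so it uses PBKDF2 with one installation-wide salt instead of a random salt per call. The PassWDGarbler declaration below is a stand-in with an assumed method signature, and Pbkdf2Garbler, GarblerDemo, the salt and the iteration count are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Assumed stand-in for users.PassWDGarbler; the page does not show the
// interface, so the method name and signature here are an assumption.
interface PassWDGarbler {
    String garble(String sPassWD);
}

// Hypothetical garbler: PBKDF2-HMAC-SHA256 with an installation-wide salt.
// The output has to be deterministic because isPassWd compares strings as is,
// so a random per-call salt would make every check fail.
final class Pbkdf2Garbler implements PassWDGarbler {
    private static final int ITERATIONS = 210_000; // constructed value, tune to your hardware
    private static final int KEY_BITS = 256;
    private final byte[] salt;

    Pbkdf2Garbler(byte[] installationSalt) {
        this.salt = installationSalt.clone();
    }

    @Override
    public String garble(String sPassWD) {
        PBEKeySpec spec = new PBEKeySpec(sPassWD.toCharArray(), salt, ITERATIONS, KEY_BITS);
        try {
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(hash);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 not available", e);
        } finally {
            spec.clearPassword(); // wipe the internal copy of the password
        }
    }
}

public class GarblerDemo {
    public static void main(String[] args) {
        // Constructed sample salt; use a random one per installation, kept in configuration.
        byte[] salt = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
        PassWDGarbler g = new Pbkdf2Garbler(salt);
        String stored = g.garble("master"); // the value setPassWd would receive
        System.out.println("same input matches: " + stored.equals(g.garble("master")));
        System.out.println("other input matches: " + stored.equals(g.garble("Master")));
    }
}
```

In the framework, an instance of such a class would be installed with User.setGlobalPassWDGarbler so that User.garblePassWD and the LogOnForm use it.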