Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / May 2007

Tip: Looking for answers? Try searching our database.

login username from database

Thread view: 
Enable EMail AlertsStart New Thread
Trev - 17 May 2007 19:45 GMT
Hi,

I have a login window with a username and password fields.  The
program checks the username and password from a mysql DB table.  If I
enter a username that is not in the database, how do I get it to
display a message that the username does not exist.

Thanks
Trevor
Reply to this Message
Richard Reynolds - 17 May 2007 21:24 GMT
> Hi,
>
[quoted text clipped - 5 lines]
> Thanks
> Trevor

JOptionPane?
Reply to this Message
rossum - 18 May 2007 01:42 GMT
>Hi,
>
[quoted text clipped - 5 lines]
>Thanks
>Trevor
That is insecure, you are giving out more information than needed.
Just say "Invalid username/password" so any attacker does not know
whether it is the username, the password or both that failed.  This
makes it more difficult for them to try all possible combinations.

rossum
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.