Ad

In A Client-server Application: How To Send To The DB The User's Application Password?

- 1 answer

I have an Java desktop application which connects directly with the DB (an Oracle). The application has multiple user accounts. What is the correct method to send the user's password (not DB password) over the network? I don't want to send it in plain text.

Ad

Answer

You could connect over a secure socket connection, or hash the password locally before sending it to the database (or better, both) - Ideally, the only time the password should exist in plain text form is prior to hashing. If you can do all of that on the client side, more the better.

Ad
source: stackoverflow.com
Ad