Encryption of User Passwords

The best way to protect user passwords is to use a one-way technique, that is, a digest algorithm, because a password processed with a digest algorithm cannot be decrypted. A two-way technique such as password-based encryption is a risk: once an attacker knows the encryption password, the user password is revealed. In summary, if the encrypted password cannot be decrypted, there is no risk of the password being revealed to attackers. Because a digested password cannot be decrypted, users cannot get their password back if they lose it. The password has to be reset to a new value: the system administrator emails it to the user, and the user is required to change the reset password.

Commonly Used Digest Algorithms

  1. MD5 algorithm
  2. SHA family: SHA-1 algorithm and SHA-2 variants (SHA-224, SHA-256, SHA-384 and SHA-512)

Character Strings and Byte Sequence

Users usually enter their password as a character string. How do we check whether the password is valid or invalid? To perform the validation, we compare the digests, not the unencrypted strings.

Another issue is that two identical strings may be represented by different byte sequences, depending on the encoding used for the translation, such as UTF-8, Unicode, ISO-8859-1, and so on. Why do we need to care about the encoding used for the translation? Because a digest algorithm works on the password in byte format, whereas user input is a character string.

How to Solve the Problem of Password Encoding?

To solve the problem, we perform the string-to-byte sequence translation using a fixed encoding. The most commonly used encoding is UTF-8, and most Linux systems use UTF-8 as their default encoding. Since the digested sequence of bytes does not necessarily represent a valid character string in any encoding, we encode it in BASE64. In this way, the byte sequence is represented as a valid, displayable, US-ASCII character string.
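
An added example, not from the original post or from Jasypt: the scheme above in Java, using SHA-256 with a fixed UTF-8 translation, BASE64 output and validation by comparing digests. It goes beyond the text by adding a random salt and an iteration count; the class name, salt size and iteration count are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PasswordDigestExample {
    // Assumed values for this example; tune the iteration count to your hardware.
    private static final int SALT_BYTES = 16;
    private static final int ITERATIONS = 100_000;

    // Produces the value to store: BASE64(salt) + ":" + BASE64(digest).
    static String digestPassword(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(hash(password, salt));
    }

    // Re-digests the candidate with the stored salt and compares digests, never plaintext.
    static boolean checkPassword(String candidate, String stored) throws NoSuchAlgorithmException {
        String[] parts = stored.split(":", 2);
        if (parts.length != 2) return false;                // malformed record
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, hash(candidate, salt)); // constant-time compare
    }

    // Fixed UTF-8 translation, then salted, iterated SHA-256.
    private static byte[] hash(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] d = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < ITERATIONS; i++) d = md.digest(d);
        return d;
    }

    public static void main(String[] args) throws Exception {
        String pw = "contrase\u00f1a";                      // constructed sample with a non-ASCII char
        // The same string becomes different bytes under different encodings.
        System.out.println("UTF-8 == ISO-8859-1 bytes: " + Arrays.equals(
                pw.getBytes(StandardCharsets.UTF_8), pw.getBytes(StandardCharsets.ISO_8859_1)));
        String stored = digestPassword(pw);
        System.out.println("stored: " + stored);
        System.out.println("correct password accepted: " + checkPassword(pw, stored));
        System.out.println("wrong password accepted:   " + checkPassword("contrasena", stored));
    }
}
```

For production use, a purpose-built password hashing function such as PBKDF2 (available in the JDK as PBKDF2WithHmacSHA256) is preferable to a hand-written digest loop.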

Further reading:-
http://www.jasypt.org/howtoencryptuserpasswords.html

Transfer Files through FTP

The procedure to transfer (upload) a file through ftp:-

1. On Windows, click Start –> Run to open the Windows DOS prompt.

2. Type cmd and click OK.

3. Go to the location of the file that you want to ftp to the server.

e.g.:

If your file is located on the desktop and you want to ftp it to the server, you need to type:

>cd Desktop

4. Once you are in the directory of the file, you can start an ftp session to the server using the server IP address:

> ftp 12.221.112.64

5. If the IP address is correct, you will see the following message (it varies according to the server) on the screen:-
Connected to 12.221.112.64
220 ProFTPD 1.2.9 Server (ProFTPD Default Installation)

6. You are required to log in with the username and password.
User (12.221.112.64 : (none)) : carol
Password:

* Do not be confused if nothing appears on the screen while you are typing the password; this is one of the security features of the system. The hiding applies only to the screen: plain FTP still sends the password over the network unencrypted.

7. If the username and password are correct, the following message will appear on the screen:

230 User carol logged in
ftp >

8. You need to type the location on the server where you want to put your file. Let’s say you want to put it in the temporary directory on the server. You will need to type:

> cd /tmp

9. If the directory exists on the server, you will get the following message on the screen:
250 CWD command successful

10. If the file is a .jar file or any other compressed file such as a .tar or .zip file, you need to switch to binary mode before transferring it, or else the file will be corrupted.
> bi

11. The system confirms that binary mode has been set by showing the following message:
200 Type set to I

12. Type the mput command with the name of the file that you want to transfer:-
> mput testing.tar

13. Type ‘y’ to confirm the file that you want to transfer.

14. If the file has been successfully transferred to the server, you will see the following message:
200 PORT command successful
150 Opening BINARY mode data connection for testing.tar
226 Transfer complete

ftp: 655485 bytes sent in 0.17 seconds 3855.79Kbytes/sec

15. Exit the session by typing the command:

> bye

Summary of the steps or commands to transfer the files:-

  1. ftp 12.221.112.64
  2. Log in with the username and password
  3. cd /tmp
  4. bi
  5. mput testing.tar
  6. Type ‘y’
  7. bye

Compile and Build Projects using Ant

Here are the steps to compile and build projects using Ant in Eclipse:

  1. Choose Window in the Toolbar.
  2. Show View —> Others.
  3. Double click the ‘Ant’ directory and choose the ’Ant’ icon.
  4. Click ‘Ok’.
  5. Choose a specific project.
  6. On the Ant tab, click the icon ‘Add buildfiles’.
  7. Choose the buildfiles to add (build.xml).
  8. After choosing the build.xml, you can do the following on your project:
  • clean
  • compile
  • deploy
  • jar
  • prepare

How to Create a Jar File

Here are the steps to create a jar file in Eclipse:

  1. Select the specific file or package in the Package Explorer / Project Explorer.
  2. Right click the selected file and choose ‘Export’ from the list.
  3. Select the folder ‘Java’ and choose ‘JAR file’.
  4. Click ‘Next’.
  5. Make sure the project ticked under ‘Select the resources to export:’ is the right location of the file or package you selected to be jarred.
  6. Tick .classpath and .project if you want the jar file to include the locations of the project's other jar files.
  7. Remember to tick ‘Export generated class files and resources’.
  8. Select the export destination.
  9. You can choose to let Eclipse ‘Generate the manifest file’ or to ‘Use the existing manifest from workspace’ (usually a project that was retrieved from .cvs has an existing manifest).
  10. Make sure the selected file has a main class or a .class file, or else Eclipse will not be able to jar the file.
  11. Click ‘Next’ and wait for the selected file to be jarred.
  12. Click ‘Finish’.

If you want to see what is inside the jar file, or to check whether your files have been jarred correctly, you can right-click the jar file and extract it to a directory.