0

Currently I am working on a program that required to add multiple user and each user will have their own password, so all the username and password will save on a same text file. My question is, is there any solution to just comparing the username and password and that it.

For example, User A login, after the user type in the Username and Password it will go through the text file and take out User A username and password without touching User B or C Username and password of user B or C

Kick Buttowski
  • 6,371
  • 12
  • 34
  • 54
Krauser
  • 7
  • 6
  • 4
    You really, *really* shouldn't be storing the passwords in a file. – azurefrog Aug 07 '14 at 17:24
  • And if you are, you should at least be hashing them. – Kevin Workman Aug 07 '14 at 17:25
  • Take a look at http://stackoverflow.com/questions/7017688/what-is-the-best-practice-for-securely-storing-passwords-in-java – azurefrog Aug 07 '14 at 17:31
  • Is it `Swing`? Or a Web App? In case of a Web App you should use a Database, for `Swing` maybe the file is good but you should try [`FileInputStream`](http://docs.oracle.com/javase/7/docs/api/java/io/FileInputStream.html) and [`FileOutputStream`](http://docs.oracle.com/javase/7/docs/api/java/io/FileOutputStream.html), take a look at [`ArrayLists`](http://docs.oracle.com/javase/7/docs/api/java/util/ArrayList.html) too or also take a look at this [question](http://stackoverflow.com/questions/14046445/working-with-files-in-java) – Frakcool Aug 07 '14 at 17:46
  • also you might want to use `Serializable` classes, and for better help sooner please post a [Minimal Complete and Verifiaable Example (MCVE)](http://stackoverflow.com/help/mcve) C: Good Luck – Frakcool Aug 07 '14 at 17:48

3 Answers3

1

The easiest way to do this is using Properties. A Java-Properties-File look like this:

# this is a comment
name=value
user=password

I would recommend to not store the password as plain-text in your file. Saving it's hash will be enough to compare passwords:

public class YourPasswordStorage
{
    Properties users = new Properties();

    public YourPasswordStorage (File file)
    {
       user.load(file);
    }

    void insertUser (String user, String password)
    {
        users.put(user,
            Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("sha-512").digest(password)));
    }

    boolean checkUser (String user, String password)
    {
        String hash = Base64.getEncoder().encodeToString(
            MessageDigest.getInstance("sha-512").digest(password));
        return (hash.equals(users.get(user)); // note that users.get(user) could be null
    }
}


Note that the Code above won't compile because of some uncaught Exceptions, but I hope you understand how it works.

msrd0
  • 6,403
  • 9
  • 36
  • 64
0

Storing raw passwords in a text file isn't very safe for your users. It's a lot better to salt your passwords first - systematically convert them into hash that you write to file. Then instead of comparing password to password, you take salt the password the user gives you and compare that to what's written to file. Take a look here (and many other places) for how to do that.

Community
  • 1
  • 1
Mshnik
  • 6,944
  • 1
  • 21
  • 37
0

Have you heard NEVER GIVE A MONKEY TO DO MAN'S WORK

Well AFAICS you will have the fields username password and user so why dont use a database instead of a file. Take advantage of H2 database allows you to store data as file. Just include the driver jar and write this simple codes

Connection con = null;
try{
   Class.forName("org.h2.Driver");
   con = DriverManager.getConnection("jdbc:h2:./mydb;MODE=MySQL;", "", "");
   PreparedStatement stmt= con.prepareStatement
            ("INSERT INTO  yourTable(user,username,password) VALUES(?,?,?)");
   stmt.setString(1, "someUser");
   stmt.setString(2, "someUsername");
   stmt.setString(3, "somePassword");
   stmt.executeUpdate();
}
catch (SQLException e) {
e.printStackTrace();
}
finally{
//close statements
}
SparkOn
  • 8,193
  • 3
  • 23
  • 28