CleartextStorage.java
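/**
 * Contrasts two ways of placing credential-derived data in an "auth" cookie:
 * first the cleartext "user:password" string (the flagged pattern), then a
 * salted SHA-512 digest of the same string.
 *
 * <p>{@code response} and {@code bytesToString} are not defined in this
 * listing; they are assumed to be provided by the surrounding class.
 *
 * @param args unused
 */
public static void main(String[] args) {
    {
        String data;
        PasswordAuthentication credentials =
            new PasswordAuthentication("user", "BP@ssw0rd".toCharArray());
        data = credentials.getUserName() + ":" + new String(credentials.getPassword());
        // BAD: store data in a cookie in cleartext form
        // Anyone who can read the cookie (client-side storage, proxies, logs)
        // recovers the user name and password directly.
        response.addCookie(new Cookie("auth", data));
    }
    {
        String data;
        PasswordAuthentication credentials =
            new PasswordAuthentication("user", "GP@ssw0rd".toCharArray());
        // NOTE(review): a constant salt shared by every user is for illustration
        // only; real deployments want a random per-user salt.
        String salt = "ThisIsMySalt";
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
        messageDigest.reset();
        // getPassword() returns a char[]; concatenating the array directly would
        // append its identity string (e.g. "[C@1b6d3586") instead of the password,
        // so the digest would not depend on the password at all. Convert it to a
        // String first, as the cleartext block above does.
        String credentialsToHash =
            credentials.getUserName() + ":" + new String(credentials.getPassword());
        byte[] hashedCredsAsBytes =
            messageDigest.digest((salt + credentialsToHash).getBytes("UTF-8"));
        data = bytesToString(hashedCredsAsBytes);
        // GOOD: store only a salted hash of the credentials in the cookie.
        // This is hashing, not encryption: the value cannot be decrypted, but it
        // is deterministic for a given user/password/salt. A single SHA-512 pass
        // is fast to brute-force; for password material a dedicated password
        // hashing function (bcrypt, scrypt, Argon2) is the usual choice, and a
        // random server-side session identifier is preferable to any
        // credential-derived cookie value.
        response.addCookie(new Cookie("auth", data));
    }
}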