Secure passwords

Because the access to special areas of Alumni (an application described in my book “Web Development with Java and JSF”) shall be restricted to members only, we need to restrict the access to authorized persons only. During the registration process, we ask the user to enter a password. This part is yet missing in the draft version of the registration form. Adding an input element is really easy. We’ll use an inputSecret in place of an inputText element.

But, since Alumni is exposed to the web, there is a potential risk, that somebody tampers the system. I guess everybody agrees that passwords need a special protection. They never should be stored in clear text format. Continue reading “Secure passwords”