Managing those pesky passwords
By tdw on Jan 28, 2005
My current storage method is to hold all of the information in an encrypted file on my Solaris workstation (since that's where I spend most of my computer use time). This, however, presents me with a couple of problems:
- I can't readily get access to the login information when the workstation is switched off at night/weekends
- I use VIM to provide the encryption. Unfortunately, decrypting on an Linux/x86 box is not the reverse of encrypting on a Solaris/SPARC box , so it's not easy to share the file.
- It's a flat file, so although it is not very big, searching means I still have to guess how I entered the name of the site
My first pass at getting some mobility out of my password database was to try out some software for my Palm Tungsten T3. There are, in fact, more software packages out there for managing your passwords than you can shake a stick at, and figuring out which would be best is a nightmare in itself. I tried a couple of applications which had "try and buy" versions available, but in the end I couldn't bring myself to part with a few $$ to pay for something which is essentially quite simple. I also (currently) don't need access to passwords on the move.
So, fresh from doing a rather weak1 Sun web-based training course in JSP technology, I decided to cement my understanding by building a web service which uses a database to store the login information. This will all run under Tomcat & MySQL on my Linux box, which is powered on 24x7.
Not wishing to miss out on learning some new technology, I opted to use JPOX JDO implementation as the data access layer for the DB (thanks to another Sun blogger for referring me to this implementation).
So, after a few day's work, I now have a working system into which I can add logins for sites, and search for them too using a case-insensitive wild-card search. I've written my own JSP tag library (only to discover that there is a Standard Tag Library which does much of what I spent time implementing), which interfaces to a controller servlet and thence to beans which access the database.
I've still got more work to do - audit logs, authentication, deleting or changing entries, but I can say that it has helped me a lot in developing my knowledge of JSP technology and bringing me back up to speed on JDO, which I last used around 4 years ago, when it was a fledgeling concept!
1. The JSP course was SL314. I'm sorry Sun, but this course just does not cut it. Whilst the examples are fine, there are far too few exercises - in fact, none at all about developing and using custom tags, which would have been useful. If you want a JSP course, I suggest you use your money to buy a good book on the subject and also check out on-line tutorials (there's even one on java.sun.com if you look hard enough).