Managing those pesky passwords

I'm sure that most people reading this will suffer the same problem as myself in managing the passwords for all of those shopping sites, forums, news subscriptions and even blogs.sun.com(!).

My current storage method is to hold all of the information in an encrypted file on my Solaris workstation (since that's where I spend most of my computer use time). This, however, presents me with a couple of problems:

  1. I can't readily get access to the login information when the workstation is switched off at night/weekends
  2. I use VIM to provide the encryption. Unfortunately, decrypting on an Linux/x86 box is not the reverse of encrypting on a Solaris/SPARC box :(, so it's not easy to share the file.
  3. It's a flat file, so although it is not very big, searching means I still have to guess how I entered the name of the site

My first pass at getting some mobility out of my password database was to try out some software for my Palm Tungsten T3. There are, in fact, more software packages out there for managing your passwords than you can shake a stick at, and figuring out which would be best is a nightmare in itself. I tried a couple of applications which had "try and buy" versions available, but in the end I couldn't bring myself to part with a few $$ to pay for something which is essentially quite simple. I also (currently) don't need access to passwords on the move.

So, fresh from doing a rather weak1 Sun web-based training course in JSP technology, I decided to cement my understanding by building a web service which uses a database to store the login information. This will all run under Tomcat & MySQL on my Linux box, which is powered on 24x7.

Not wishing to miss out on learning some new technology, I opted to use JPOX JDO implementation as the data access layer for the DB (thanks to another Sun blogger for referring me to this implementation).

So, after a few day's work, I now have a working system into which I can add logins for sites, and search for them too using a case-insensitive wild-card search. I've written my own JSP tag library (only to discover that there is a Standard Tag Library which does much of what I spent time implementing), which interfaces to a controller servlet and thence to beans which access the database.

I've still got more work to do - audit logs, authentication, deleting or changing entries, but I can say that it has helped me a lot in developing my knowledge of JSP technology and bringing me back up to speed on JDO, which I last used around 4 years ago, when it was a fledgeling concept!


1. The JSP course was SL314. I'm sorry Sun, but this course just does not cut it. Whilst the examples are fine, there are far too few exercises - in fact, none at all about developing and using custom tags, which would have been useful. If you want a JSP course, I suggest you use your money to buy a good book on the subject and also check out on-line tutorials (there's even one on java.sun.com if you look hard enough).

Comments:

I've had success using Strip on my Palm (www.zetetic.net)

Posted by Craig Steinberger on January 28, 2005 at 08:11 AM GMT #

Cheers Craig, I've just taken a quick look, and will have a go at downloading it later. That would give me mobility of my passwords too, at the expense of having to maintain two lists.

Posted by Trevor Watson on January 28, 2005 at 08:39 AM GMT #

Keyring for PalmOS is what I use. It works well, is reasonably secure, and is free (GPL). I've used it for a few years on a couple of different Palm devices, quite happily. http://gnukeyring.sourceforge.net/

Posted by Jonathan Abbey on January 31, 2005 at 05:36 PM GMT #

Post a Comment:
Comments are closed for this entry.
About

tdw

Search

Top Tags
Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today