For security reasons, you would not want to store passwords in raw form in your database. You would probably want to store them in an encoded form. At the same time, you would not want malicious users to be able to decode the passwords that you have encoded and stored, which would be another security flaw.
So how do you store the password and still be able to test programmatically that the passwords match during login?
There are multiple ways of doing it. In this article, I will talk about storing the password hashed with a random string called a “salt”. That makes each encoding unique. So even if someone got hold of the salt for one password, they can’t decode all the other passwords, which are encoded with different salts.
Here is a simple Password Hasher that I wrote that utilizes the algorithm PBKDF2WithHmacSHA512. What does that mean? Let’s break it down.
PBKDF2 is “Password-Based Key Derivation Function” version 2.
HMAC is “Keyed-Hash Message Authentication Code”.
SHA512 is Secure Hash Algorithm.
As you can see, it uses multiple algorithms for password encoding and hashing.
The algorithm can take multiple parameters.
// Arguments: password characters, salt bytes, iteration count, derived key length in bits
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, 10, 512);
I usually used to build the war file, then open the control panel of the hosting site and upload my war file using either war upload or one of their tools. Although it didn’t take much to do that, I always wanted to see if it could be done quicker by some sort of script.
So here is what I finally came up with. I am utilizing the FTP command.
I created an ftp.txt file with all the ftp command input, including your user name and password. I will call this a config file. The config file looks something like this:
Now you can run your ftp command as (alternately put this in a deploy.bat)
This should connect to your FTP and then upload your war file. If you would like to delete the existing WAR file on the server, you can add the following line to your config just before your put command.
Unlike Angular, where you could specify your build output, ReactJS does not seem to have a way to do that (to my knowledge). So I had to write a simple shell script to do the copy after the build is done.
My ReactJS project is located under: src/main/webcontent
So the build files are located under: src/main/webcontent/build
However, the static resources Spring Boot uses are located under src/main/resources
Here is the resources folder:
So in order for me to copy these files after the build is done, I wrote a very simple shell script. The script changes directory to the webapp folder and deletes any pre-existing files by iterating through the subfolders. It then iterates and deletes the subfolders themselves. Finally, it changes directory over to the folder where the built ReactJS files are located. It then issues an xcopy command to copy them over to the static folder.
REM COPYING FILES FROM REACTJS BUILD FOLDER TO RESOURCES FOLDER
del /S /F /Q *.*
RMDIR static /Q /S
xcopy *.* ..\..\resources\webapp\ /s /i
I put this script in a .bat file alongside pom.xml, so that I can just quickly issue the command after the Maven build is done (which includes the auto build of ReactJS). So my sequence would be:
I created some test tables via Flyway. Since they were successful, I deleted the tables and scripts and restarted versioning from V1. However, it appears that Flyway maintains a version of the database migration, which prevented me from running the app, with an ugly error that said a checksum mismatch occurred on Flyway.
There is an easy fix for that though. You just need to set the following flag in your application properties.
You might, however, want to do that only on your non-prod profiles; that way you are still validating production.