Developer Blog

Creating the Website Viewer

10 March 2019

Introduction

With the database structure still requiring more thought, this week I put that aside and went ahead to create the website viewer. In order to do this, I had to make a mock-up SQLite database to test it with. I pre-populated it with some example data and it looks like this: [screenshot of the mock-up database] Note: all the fields are in plain text in this mock-up. They will be encrypted in the actual database.


Rethinking the Database Structure

24 February 2019

Changing the Database Structure

Currently, we have a main database in which we store the user’s email, hashed password and salt when they register with the program. We were planning to create a database of passwords for each user, which would be encrypted and located by their email address. But if we are going to encrypt each user’s password database anyway, surely we could remove the main database and be left with one password database per user. Each database file would be named by hashing the user’s email (for privacy reasons) and each file would be encrypted using AES-256 with a key generated from the user’s password. AES-256 is military-grade encryption and very hard to break, meaning all the user’s passwords would be safe in the database.
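To make this per-user design concrete, here is an added example (my own code, not the project's) of naming a vault file by the SHA-256 of the email and encrypting it under an AES-256 key that is derived from the password with PBKDF2 rather than used directly, because the cipher is only as strong as the key. The iteration count, the salt || iv || ciphertext file layout and the use of AES-GCM are my assumptions; it needs Java 17+ for HexFormat.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class VaultCrypto {
    static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 600_000;
    // Vault file name: hex SHA-256 of the normalised email, so the address is not readable on disk.
    public static String vaultFileName(String email) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(email.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d) + ".db";
    }

    // 256-bit AES key from the password via PBKDF2-HMAC-SHA256 (assumed iteration count).
    // The vault is only as strong as this password, so the KDF must be slow and salted.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return new SecretKeySpec(key, "AES");
        } finally { spec.clearPassword(); }
    }

    // File layout (assumed): salt || iv || ciphertext+tag. AES-GCM authenticates the data,
    // so a tampered file or a wrong password fails loudly instead of decrypting to garbage.
    public static byte[] encrypt(byte[] plaintext, char[] password) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);                                   // never reuse an IV with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(salt, SALT_LEN + IV_LEN + ct.length);
        System.arraycopy(iv, 0, out, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, SALT_LEN + IV_LEN, ct.length);
        return out;
    }

    // Throws javax.crypto.AEADBadTagException for a wrong password or a modified file.
    public static byte[] decrypt(byte[] blob, char[] password) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        return c.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }
}
```

Because the salt is stored in the file header, the same password derives the same key on the next open; a changed password simply re-encrypts the vault with a fresh salt and IV.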


Adding Email And Password Validation

10 February 2019

Modifying the Login and Register Page Layouts

The login and register pages’ layouts were a complete mess, so we used GridBagLayout to keep all the GUI elements in order on a customisable grid. This makes the pages easier for the user to navigate, improving the usability of our program. Moreover, we have an error message label whose text can be changed based on the error, and which should pop up when an error occurs, e.g. the email address is not valid. The problem was that it was visible on the login/register page from the start, when the user hadn’t even typed anything in. To rectify this, we hid the error label at the start of the program and only made it visible when an error occurred.

Adding Email and Password Validation

When users register to use our program, we need accurate information and not any random nonsense. To ensure as much accuracy as possible, we need to use validation. By using validation we can check whether what the user has entered matches a specific format. To do this, we used regex (regular expressions), which let us check whether a string matches a certain pattern. Here’s an example of how we used regex to check if the password the user created is valid:

import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Requires at least 8 characters including a digit, a lower-case letter, an upper-case letter
// and one of the listed symbols. The password is passed as a char[] so it can be wiped after use;
// note that new String(password) makes an immutable copy that cannot be zeroed.
public static boolean isPasswordValid(char[] password) {
    String regex = "((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!\"£$€%^&*()@#/?]).{8,})";
    Pattern pattern = Pattern.compile(regex);
    Matcher matcher = pattern.matcher(new String(password));
    boolean isValid = matcher.matches();

    return isValid;
}

Creating the Register and Login Methods

3 February 2019

Creating the Register Method

With the GUI made, we now need users to be able to register so that they can use the program. This involves the user entering their email and creating a password. We need to store this data in the database on the users table. Before we can do that, we need to hash the password with a salt for security reasons. Once hashed, we use another SQL statement to store the data.

INSERT INTO users(email,password,salt) VALUES(?,?,?)

In VALUES(?,?,?) the question marks act as placeholders. This means that, using the sqlite-jdbc library, we can bind the corresponding data to them (binding values this way, rather than concatenating them into the SQL string, also stops user input from being interpreted as SQL). INSERT INTO users(email,password,salt) means add the data given by VALUES to the columns listed in the brackets of the table called users. So now the user’s data is stored in the database and they will be able to log in.

Creating the Login Method

Now that users can register with the program, they have to be able to log in. This involves the user entering their email and password on the GUI and clicking the login button. When it is clicked, the program uses yet another SQL statement to search for the entered email in the database.

SELECT password,salt FROM users WHERE email=?

This returns the corresponding hashed password and salt if the entered email exists in the users table. Otherwise, it returns nothing. Notice the ?, which works in the same way as in the statement above.
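As an added example (my own code, not the project's) of the register and login flow described above with sqlite-jdbc: the password is hashed with a fresh random salt using PBKDF2 (the post does not say which hash the project uses, so that choice is mine), the two SQL statements bind their ? placeholders, and the stored hash is compared in constant time. It assumes sqlite-jdbc on the classpath and a users table with the three columns named in the post.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.*;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UserStore {
    private final Connection conn;
    public UserStore(Connection conn) throws SQLException {
        this.conn = conn;
        try (Statement s = conn.createStatement()) {
            s.execute("CREATE TABLE IF NOT EXISTS users(email TEXT PRIMARY KEY, password TEXT, salt TEXT)");
        }
    }
    // Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256): a single SHA-256 over
    // password+salt would be far cheaper to brute-force if the users table ever leaked.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        try { return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded(); }
        finally { spec.clearPassword(); }
    }

    // The ? placeholders are bound with setString, so user input is never spliced into the SQL text.
    public boolean register(String email, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);                        // fresh random salt per user
        Base64.Encoder b64 = Base64.getEncoder();
        try (PreparedStatement ps = conn.prepareStatement("INSERT INTO users(email,password,salt) VALUES(?,?,?)")) {
            ps.setString(1, email);
            ps.setString(2, b64.encodeToString(hash(password, salt)));
            ps.setString(3, b64.encodeToString(salt));
            return ps.executeUpdate() == 1;
        } catch (SQLException e) {              // e.g. PRIMARY KEY violation: email already registered
            return false;
        }
    }

    public boolean login(String email, char[] password) throws Exception {
        try (PreparedStatement ps = conn.prepareStatement("SELECT password,salt FROM users WHERE email=?")) {
            ps.setString(1, email);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;                      // unknown email: nothing returned
                byte[] stored = Base64.getDecoder().decode(rs.getString("password"));
                byte[] salt = Base64.getDecoder().decode(rs.getString("salt"));
                return MessageDigest.isEqual(stored, hash(password, salt)); // constant-time compare
            }
        }
    }
}
```

With sqlite-jdbc on the classpath, new UserStore(DriverManager.getConnection("jdbc:sqlite::memory:")) gives a throwaway store to try register and login against.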


Creating the Main Database and GUI

27 January 2019

Creating the Main Database

The first stage of security comes from creating an account on our Password Manager that all your passwords will be tied to. But to allow the user to register and log in to the program, we need a database to store their credentials. We chose to use an SQLite database as it is embedded in the program, as opposed to being a client-server database engine. This meant that we didn’t need a database server; instead the database is saved locally within the program (for now). In order to work with the SQLite database we needed to use sqlite-jdbc, a Java SQLite library. This library allows us to connect to the database and manipulate it as required, e.g. adding a new record to a table.
