Internet Programming Lab 4: Security


Due: Reports Due Thursday Dec 11 at 5pm.

Summary:
Using the information discussed in class, break into the database and find the password for a user called admin.

Details:
You may work in groups of up to three. If you wish to do so, all three group members must be present both during the attempts to find the admin password and during the writing of the report.

Please have all members of multi-person groups sign the report, indicating that they have abided by this guideline.

Note: since this lab is posted on the web, I will be deliberately vague about some things. I will discuss details in class.

You will have access to a small Java application that connects to a MySQL database. In that database is a table with two registered users, Petey and admin. Petey's password is 'Bones'. Your job is to find out what admin's password is.

The Java application is designed to let people search by last name on a list of users. If, for example, you type James into the last name field of the application and press submit, you will see two people in the list box at the bottom of the app, as you see below.
[Figure: test app after connecting to the database]

It is quite possible that this app is not terribly secure. (Therefore, you will find info on how to get it in class but not on the web.)
You will only be able to use the application (and to test the database) from on campus, since the database runs on a machine that is behind the campus firewall.

I've tested the app on Windows in the lab and it runs *if* you have the mysqlconnector.jar in your classpath. You might have to run with the -classpath option to get it to show up.


The database connection problems are fixed. I've successfully used the Java tool to connect to the database as of 3:15 Monday afternoon. You can get a revised copy of the class files from the updated lab4.zip in the usual place via WinSCP.



Please do not mess with any of the databases other than the one referred to by the app, as doing so may prevent other groups from doing the lab properly.


What you need to hand in:
You will hand in a report which includes:
  1. Your name(s)
  2. The password for the admin account
  3. A description of the successful method that you used to discover the password.
  4. A description of any failed attempts.
And yes, you need to write this properly. Complete sentences and proper grammar are both appropriate.

If you wish to turn the project in at a time when I am not in the office, just slip the paper under my door. Remember to sign the paper if you are doing more than one student per project.