Internet Programming Lab 4: Security
Due: Reports Due Thursday Dec 11 at 5pm.
Summary:
Given the information discussed in class, break into the database and find the password for a user called admin.
Details:
You may work in groups of up to three. If you wish to do so, all
three group members must be present both during the attempts to find
the admin password and during the writing of the report.
Please have all group members of multi-person groups sign the report, indicating that they have abided by this guideline.
Note: since this lab is posted on the web, I will be deliberately vague about some things. I will discuss details in class.
You will have access to a small Java application that connects
to a MySQL database. In that database is a table with two registered
users, Petey and admin. Petey's password is 'Bones'. Your job is to find
out what admin's password is.
The Java application is designed to let people search by last name on a
list of users. If, for example, you type James into the last name
field of the application and press submit, you will see two people in
the list box at the bottom of the app as you see below.

It is quite possible that this app is not terribly secure. (Therefore, you will find info on how to get it in class but not on the web.)
You will only be able to use the application (and to test the database)
from on campus since the database runs on a machine that is behind the
campus firewall.
I've tested the app on Windows in
the lab and it runs *if* you have the mysqlconnector.jar in your
classpath. You might have to run with the -classpath option to get it
to show up.
The database connection problems are fixed. I've successfully used the
Java tool to connect to the database as of 3:15 Monday afternoon. You
can get a revised copy of the class files from the updated lab4.zip in
the usual place via WinSCP.
Please do not mess with any of the databases other than the one
referred to by the app as it may prevent other groups from doing the
lab properly.
What you need to hand in:
You will hand in a report which includes:
- Your name(s)
- The password for the admin account
- A description of the successful method that you used to discover the password.
- A description of any failed attempts.
And yes, you need to write this properly. Complete sentences and proper grammar are both appropriate.
If you wish to turn the project in at a time that I am not in the
office, just slip the paper under my door. Remember to sign the paper
if there is more than one student per project.