Java authentication security

抹茶落季 2021-01-28 12:08

I have a central admin instance of an app where judge accounts are created. In order to use this judge account, a judge instance of the ap

1 Answer
  •  有刺的猬
    2021-01-28 12:53

    You could use something like PGP here. So you would use some public key stuff. That would eliminate the need for a password altogether.

    With public key encryption every user has a public key and a private key. Stuff that is encrypted with one key can only be decrypted with the other key. So you can hand out the public key. If someone wants to send something to you, he can use your public key to encrypt the message, and only you can decrypt it.

    So messages to the server would be encrypted with the user's private key. He sends the message and his public key. You can have a database lookup on the server side if you know this public key. And if you can decrypt the message with that key, you know that it is sent by that user.

    With some work, you probably could use that to identify and authenticate users.

    You would just use the judges to vouch for any new user and his public key, when they first talk to the server. So you can create a web of trust.

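The scheme described in the answer, sketched with standard `java.security` digital signatures, which is how "encrypting with the private key" is done in practice. This is an added example, not code from the original post. It assumes ECDSA keys, an in-memory map in place of the server's database lookup, the hypothetical user name `judge-1`, and a random server challenge as the signed message, which the answer does not specify.

```java
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;

public class PublicKeyAuthDemo {
    // Server side: Base64 of the encoded public key -> user name (stands in for the database lookup).
    static final Map<String, String> knownKeys = new HashMap<>();
    static final SecureRandom rng = new SecureRandom();

    // Server: issue a fresh random challenge so that a captured response cannot be reused.
    static byte[] newChallenge() {
        byte[] c = new byte[32];
        rng.nextBytes(c);
        return c;
    }

    // Client: sign the server's challenge with the private key, which never leaves the client.
    static byte[] sign(PrivateKey key, byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(challenge);
        return s.sign();
    }

    // Server: return the user name if the key is registered and the signature verifies, else null.
    static String authenticate(byte[] encodedPub, byte[] challenge, byte[] sig) throws GeneralSecurityException {
        String user = knownKeys.get(Base64.getEncoder().encodeToString(encodedPub));
        if (user == null) return null; // unknown key: nobody has vouched for it
        PublicKey pub = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encodedPub));
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(pub);
        v.update(challenge);
        return v.verify(sig) ? user : null;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair judge = gen.generateKeyPair();    // key registered on the server
        KeyPair stranger = gen.generateKeyPair(); // key the server has never seen
        knownKeys.put(Base64.getEncoder().encodeToString(judge.getPublic().getEncoded()), "judge-1");

        byte[] challenge = newChallenge();
        System.out.println(authenticate(judge.getPublic().getEncoded(), challenge, sign(judge.getPrivate(), challenge)));
        System.out.println(authenticate(stranger.getPublic().getEncoded(), challenge, sign(stranger.getPrivate(), challenge)));
        // Third case: a signature over the old challenge presented against a fresh one.
        System.out.println(authenticate(judge.getPublic().getEncoded(), newChallenge(), sign(judge.getPrivate(), challenge)));
    }
}
```

The server accepts a login only when the presented key is already registered and the signature covers the challenge it just issued, so registering a new user's key (the vouching step) remains a separate, trusted operation.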