On 05/19/2009 06:30 AM, Magius wrote: > If you encrypt the password at the client side, everybody can review > the javascript algorithm and break it. >
Pardon me, but that's arguing for security by obscurity; which should be an indefensible position when one is concerned with developing provably secure systems. While I agree with your next point, the OP should also read the following article that discusses such authentication issues: http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ > If you establish an HTTPS connection, then the channel is secure and > you can transfer the password in clear or with a simple > transformation. > > > On May 19, 6:50�am, abhiram<[email protected]> wrote: > >> Hi all, >> >> � I wanted to know if there are any jars readily available for >> encryption. I need to encrypt the password and send it across to the >> server side. >> >> Thanks and Regards, >> Abhiram >> > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
