Susan, wanted to add one more thing. While I said that the process of
encryption/decryption takes place between the browser and web server, I
didn't offer any details on setting up the web server to work this way.
Again, there's no simple answer, and each web server will be different. But
it involves installing a "server certificate" on the web server. See your
web server docs (or web server administrator) for more details.
One other thing is that of course some J2EE app servers implement and
install their own web servers (they may refer to them as http servers), and
so you may find help on dealing with all this in the docs for that app
server rather than any particular web server.
Case in point: the Sun J2EE Reference Implementation that gets installed
when you install the J2EE JDK has such documentation:
http://java.sun.com/j2ee/tutorial/doc/Security2.html#62810
/charlie
-----Original Message-----
From: Charles Arehart [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 11, 2001 12:45 AM
To: JRun-Talk
Subject: RE: Shameless newbie question re encrypt/decrypt
Susan, did you ever get an answer to this? There are many levels on which
one could provide an answer, but perhaps the simplest is that if your web
pages (html, jsp, cf, asp, whatever) are on a web server that has a server
certificate installed, then when a browser requests a page from that server
using HTTPS (rather than HTTP), the communications between the browser and
server will be encrypted, automatically.
Your code doesn't have to "ask for the key" or "do the encryption", it's all
done for you by the browser and server. And note that this is the web server
taking care of the details, not your application server (assuming they're
separate things). So any Jrun, ColdFusion, ASP, or other dynamic pages don't
need to do anything to handle the encryption/decryption. It's done for you
by the web server before it passes the page request to the application
server (JRUN, CF, ASP).
Note that it's possible that you may be limited to serving such "secured"
pages from a particular directory, depending on how the certificate and
support for SSL were installed.
/charlie
-----Original Message-----
From: Susan M. Orndorff [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 04, 2001 6:06 PM
To: JRun-Talk
Subject: Shameless newbie question re encrypt/decrypt
I am trying to teach myself about security re encryption, digital
signatures, and certificates, etc. I understand the explanations of how
these work when the books say e.g."you ask for the recipients public key,
and use that to encrypt...." etc. etc.
Here is my question, how do you actually implement "asking for a public key"
and "using it to encrypt" ? Does one buy a software package that does all
this for you??
I am stuck on how the actual implementations of these procedures are carried
out.
TIA..
--susan
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=sts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
