[flexcoders] Re: How do I know if a password is secure or not
if you are a hacker you definitely know if it is secure or not,,, i was just kiddin' 1.) JAAS, Crypto and SSL, with secure storage are basics of Security, Tear up and read more on these stuff, 2.) Browse on insecure.org it would be a good pit-stop over there, 3.) learn basic hacking like eavesdropping, motm, session hijacking between web-servers and some other cools stuff from senior-hackers on TCP over IP, 4.) compare and contrast on what you learned and what you apply, reading on printed and published stuff isn't that reliable unless you try and break stuff, 5.) BTW avoid custom crypto that is what i learned the hardway. peaceoutbye. :) --- In flexcoders@yahoogroups.com, [EMAIL PROTECTED] wrote: > > I guess I would figure it would be secure because how can you read a password > if its writen as a password with the little *'s. WHat your saying though is I > need to store the passwords on to a secure database right? > Yahoo! Groups Sponsor ~--> Most low income homes are not online. Make a difference this holiday season! http://us.click.yahoo.com/5UeCyC/BWHMAA/TtwFAA/nhFolB/TM ~-> -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[flexcoders] Re: How do I know if a password is secure or not
If you use standard J2EE security you won't have any of these problems. 1) the password isnt persisted anywhere 2) All that is persisted is an opaque value used by the server to tie you to its authentic session 3) No need to have a *single* line of security code in your flex app 4) Flex transparantly integrates with j2EE security. Its a dream. 5) On the server side you can persist passwords in hashed format Do not go around storing passwords in you app, or in shared objects or cookies or whatever. J2EE solved this problem 5 years ago, and MM was brilliant enough to make sure Flex integrated right into it. -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, [EMAIL PROTECTED] wrote: > > I guess I would figure it would be secure because how can you read a password > if its writen as a password with the little *'s. WHat your saying though is I > need to store the passwords on to a secure database right? > Yahoo! Groups Sponsor ~--> 1.2 million kids a year are victims of human trafficking. Stop slavery. http://us.click.yahoo.com/.QUssC/izNLAA/TtwFAA/nhFolB/TM ~-> -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/