I should make it clear, the intention is to use SSL and JS one-way hash,
not just JS...
Jeremy Thomerson jer...@wickettraining.com
08/03/2010 03:49 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
On Tue, Aug 3, 2010
Ok, the value will be hashed, one-way...anyone have any ideas?
James Carman ja...@carmanconsulting.com
Sent by: jcar...@carmanconsulting.com
08/02/2010 04:42 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
Then it's
/2010 04:42 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
Then it's not encryption. Encrypted data should be readable to those
who
have the key.
On Mon, Aug 2, 2010 at 3:29 PM, mzem...@osc.state.ny.us wrote
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
And, what does that buy you? Why do you want to submit one-way hashed
values?
On Tue, Aug 3, 2010 at 1:37 PM, mzem...@osc.state.ny.us wrote:
Ok, the value will be hashed, one
, but this is the spec I am working with.
James Carman ja...@carmanconsulting.com
Sent by: jcar...@carmanconsulting.com
08/03/2010 01:45 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
And, what does that buy you? Why do
Correct
James Carman ja...@carmanconsulting.com
Sent by: jcar...@carmanconsulting.com
08/03/2010 02:12 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
So, you never need to get the original values out of the database
Carman ja...@carmanconsulting.com
Sent by: jcar...@carmanconsulting.com
08/03/2010 02:12 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
So, you never need to get the original values out of the database?
On Tue
Sent by: jcar...@carmanconsulting.com
08/03/2010 02:19 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
And, you don't want to convert it before you store it in the db? It must
be
converted at the browser level
or standalone javascript ssn
validators out there.
-Original Message-
From: mzem...@osc.state.ny.us [mailto:mzem...@osc.state.ny.us]
Sent: Tuesday, August 03, 2010 2:24 PM
To: users@wicket.apache.org
Subject: Re: Encrypt Form Fields Using JS
I have to laugh because I also agree its kind
/2010 02:19 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
And, you don't want to convert it before you store it in the db? It must
be
converted at the browser level? Is there any more information you can
give
us
On Tue, Aug 3, 2010 at 1:24 PM, mzem...@osc.state.ny.us wrote:
I have to laugh because I also agree its kind of crazy...
Yes the original value must be hashed by the client. The reasoning being
that SSL could be broken and expose the data. I don't necessarily agree
but thats how the
Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
Solution: Create behavior which fires javascript to hash field value and
replace original value (###-##-)
This sounds simple enough, but since the length of the hashed string will
be considerably longer than the
Form Fields Using JS
Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
Solution: Create behavior which fires javascript to hash field value and
replace original value (###-##-)
This sounds simple enough, but since the length of the hashed string
to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
Why not use a password field to keep the value hidden and SSL to make sure
there are no man in the middle attacks. Seems like you are making it too
hard?
- Original Message -
From
debate and the feature has
been requested and must be implemented as I described...
Craig McIlwee craig.mcil...@openroadsconsulting.com
08/02/2010 03:06 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
Why
Subject:
Encrypt Form Fields Using JS
Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
Solution: Create behavior which fires javascript to hash field value
and
replace original value (###-##-)
This sounds simple enough, but since the length of the hashed string
08/02/2010 03:23 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
override getinputasarray() on the field and decrypt it there, that way
wicket sees the decrypted value
-igor
On Mon, Aug 2, 2010 at 12:14 PM
it should not replace a 'Q' with a '9'
Igor Vaynberg igor.vaynb...@gmail.com
08/02/2010 03:46 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
so how do you expect to validate on server side???
-igor
On Mon, Aug 2, 2010
Vaynberg igor.vaynb...@gmail.com
08/02/2010 03:23 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
override getinputasarray() on the field and decrypt it there, that way
wicket sees the decrypted value
-igor
On Mon
19 matches
Mail list logo