Re: Encrypt Form Fields Using JS

2010-08-06 Thread MZemeck
I should make it clear, the intention is to use SSL and JS one-way hash, not just JS... Jeremy Thomerson 08/03/2010 03:49 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS On Tue, Aug 3, 2010 at 1:24 PM, wrote: >

Re: Encrypt Form Fields Using JS

2010-08-03 Thread Jeremy Thomerson
On Tue, Aug 3, 2010 at 1:24 PM, wrote: > I have to laugh because I also agree its kind of crazy... > > Yes the original value must be hashed by the client. The reasoning being > that SSL could be broken and expose the data. I don't necessarily agree > but thats how the original system was writt

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
sulting.com > 08/03/2010 02:19 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > And, you don't want to convert it before you store it in the db? I

RE: Encrypt Form Fields Using JS

2010-08-03 Thread Jeffrey Schneller
s. There are plenty of jquery or standalone javascript ssn validators out there. -Original Message- From: mzem...@osc.state.ny.us [mailto:mzem...@osc.state.ny.us] Sent: Tuesday, August 03, 2010 2:24 PM To: users@wicket.apache.org Subject: Re: Encrypt Form Fields Using JS I have to

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
jcar...@carmanconsulting.com 08/03/2010 02:19 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS And, you don't want to convert it before you store it in the db? It must be converted at the browser level? Is there any more infor

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
James Carman > Sent by: jcar...@carmanconsulting.com > 08/03/2010 02:12 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > So, you never need to

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
Correct James Carman Sent by: jcar...@carmanconsulting.com 08/03/2010 02:12 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS So, you never need to get the original values out of the database? On Tue, Aug 3, 2010 at

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
the spec I am working with. > > > > > James Carman > Sent by: jcar...@carmanconsulting.com > 08/03/2010 01:45 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS >

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS And, what does that buy you? Why do you want to submit one-way hashed values? On Tue, Aug 3, 2010 at 1:37 PM, wrote: > Ok, the value will be hashed, one-way...anyone have any ideas? > &g

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
2 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > Then it's not "encryption". Encrypted data should be readable to those > who > ha

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
Ok, the value will be hashed, one-way...anyone have any ideas? James Carman Sent by: jcar...@carmanconsulting.com 08/02/2010 04:42 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS Then it's not "

Re: Encrypt Form Fields Using JS

2010-08-02 Thread James Carman
. > > > > > Igor Vaynberg > 08/02/2010 03:23 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > override getinputasarray() on th

Re: Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
ie it should not replace a 'Q' with a '9' Igor Vaynberg 08/02/2010 03:46 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS so how do you expect to validate on server side??? -igor On Mon, Aug 2,

Re: Encrypt Form Fields Using JS

2010-08-02 Thread Igor Vaynberg
3:23 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > override getinputasarray() on the field and decrypt it there, that way > wicket sees th

Re: Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
Thanks for the reply, that would work however per our business rules the encryption must be one-way and will not be decrypted... Igor Vaynberg 08/02/2010 03:23 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS

Re: Encrypt Form Fields Using JS

2010-08-02 Thread Igor Vaynberg
nd the feature has > been requested and must be implemented as I described... > > > > > "Craig McIlwee" > 08/02/2010 03:06 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form

Re: Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
e.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS Why not use a password field to keep the value hidden and SSL to make sure there are no man in the middle attacks. Seems like you are making it too hard? - Original Message - From: mzem...@osc.state.ny.us

Re: Encrypt Form Fields Using JS

2010-08-02 Thread Craig McIlwee
Form Fields Using JS > Problem: Encrypt sensitive form fields (ie ssn) on client (javascript) > > Solution: Create behavior which fires javascript to hash field value and > replace original value (###-##-) > > This sounds simple enough, but since the length of the hashed

Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
Problem: Encrypt sensitive form fields (ie ssn) on client (javascript) Solution: Create behavior which fires javascript to hash field value and replace original value (###-##-) This sounds simple enough, but since the length of the hashed string will be considerably longer than the origina