Re: Encrypt Form Fields Using JS

2010-08-06 Thread MZemeck
I should make it clear, the intention is to use SSL and JS one-way hash, not just JS... Jeremy Thomerson jer...@wickettraining.com 08/03/2010 03:49 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS On Tue, Aug 3, 2010

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
Ok, the value will be hashed, one-way...anyone have any ideas? James Carman ja...@carmanconsulting.com Sent by: jcar...@carmanconsulting.com 08/02/2010 04:42 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS Then it's

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
/2010 04:42 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS Then it's not encryption. Encrypted data should be readable to those who have the key. On Mon, Aug 2, 2010 at 3:29 PM, mzem...@osc.state.ny.us wrote

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS And, what does that buy you? Why do you want to submit one-way hashed values? On Tue, Aug 3, 2010 at 1:37 PM, mzem...@osc.state.ny.us wrote: Ok, the value will be hashed, one

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
, but this is the spec I am working with. James Carman ja...@carmanconsulting.com Sent by: jcar...@carmanconsulting.com 08/03/2010 01:45 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS And, what does that buy you? Why do

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
Correct James Carman ja...@carmanconsulting.com Sent by: jcar...@carmanconsulting.com 08/03/2010 02:12 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS So, you never need to get the original values out of the database

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
Carman ja...@carmanconsulting.com Sent by: jcar...@carmanconsulting.com 08/03/2010 02:12 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS So, you never need to get the original values out of the database? On Tue

Re: Encrypt Form Fields Using JS

2010-08-03 Thread MZemeck
Sent by: jcar...@carmanconsulting.com 08/03/2010 02:19 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS And, you don't want to convert it before you store it in the db? It must be converted at the browser level

RE: Encrypt Form Fields Using JS

2010-08-03 Thread Jeffrey Schneller
or standalone javascript ssn validators out there. -Original Message- From: mzem...@osc.state.ny.us [mailto:mzem...@osc.state.ny.us] Sent: Tuesday, August 03, 2010 2:24 PM To: users@wicket.apache.org Subject: Re: Encrypt Form Fields Using JS I have to laugh because I also agree its kind

Re: Encrypt Form Fields Using JS

2010-08-03 Thread James Carman
/2010 02:19 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS And, you don't want to convert it before you store it in the db? It must be converted at the browser level? Is there any more information you can give us

Re: Encrypt Form Fields Using JS

2010-08-03 Thread Jeremy Thomerson
On Tue, Aug 3, 2010 at 1:24 PM, mzem...@osc.state.ny.us wrote: I have to laugh because I also agree its kind of crazy... Yes the original value must be hashed by the client. The reasoning being that SSL could be broken and expose the data. I don't necessarily agree but thats how the

Re: Encrypt Form Fields Using JS

2010-08-02 Thread Craig McIlwee
Why not use a password field to keep the value hidden and SSL to make sure there are no man in the middle attacks. Seems like you are making it too hard? - Original Message - From: mzem...@osc.state.ny.us To: users@wicket.apache.org Sent: Mon, 02 Aug 2010 15:00:55 -0400 Subject: Encrypt

Re: Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS Why not use a password field to keep the value hidden and SSL to make sure there are no man in the middle attacks. Seems like you are making it too hard? - Original Message - From

Re: Encrypt Form Fields Using JS

2010-08-02 Thread Igor Vaynberg
debate and the feature has been requested and must be implemented as I described... Craig McIlwee craig.mcil...@openroadsconsulting.com 08/02/2010 03:06 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS Why

Re: Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
. But this is another debate and the feature has been requested and must be implemented as I described... Craig McIlwee craig.mcil...@openroadsconsulting.com 08/02/2010 03:06 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using

Re: Encrypt Form Fields Using JS

2010-08-02 Thread Igor Vaynberg
08/02/2010 03:23 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS override getinputasarray() on the field and decrypt it there, that way wicket sees the decrypted value -igor On Mon, Aug 2, 2010 at 12:14 PM

Re: Encrypt Form Fields Using JS

2010-08-02 Thread MZemeck
it should not replace a 'Q' with a '9' Igor Vaynberg igor.vaynb...@gmail.com 08/02/2010 03:46 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS so how do you expect to validate on server side??? -igor On Mon, Aug 2, 2010

Re: Encrypt Form Fields Using JS

2010-08-02 Thread James Carman
Vaynberg igor.vaynb...@gmail.com 08/02/2010 03:23 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS override getinputasarray() on the field and decrypt it there, that way wicket sees the decrypted value -igor On Mon