On Tue, 1 Feb 2000, Mikhail A.Golovanov wrote:

> You'd better not encrypt passwords on the client side - and there is
> no need to do so. At least I did not mean that. You POST
> username/password to a servlet as usual and that servlet does all
> the necessary calculations and checking.
[ ... ]

But then isn't the password being sent in the clear, and hence
vulnerable to snooping?


> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet API
> Technology. [mailto:[EMAIL PROTECTED]] On Behalf Of Meghadri Ghosh
> Sent: Monday, January 31, 2000 7:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Encryption !!
>
>
> SSL would probably be the most practical solution, and would be acceptable
> to the clients of the products. I have not done much work in Java or
> JavaScript, but I am not sure how the arithmetic required for the encryption
> code could be managed in JavaScript. (Implement it in an applet, instead?).
> I have tinkered around with n-bit arithmetic in C/C++, and never felt too
> sure whether the implementation was correct through the range of numbers
> covered by the bit length :)
>
> Could the JavaScript be hidden, at least at a superficial level, by defining
> it in a separate file which is included via the SRC tag, or using
> document.write(...)? It has been my observation that viewing the source from
> the browser simply displays these including tags, and not the script code.
>
> - meghadri
>

Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
