> Milt Epstein wrote:
>
> But then isn't the password being sent in the clear, and hence
> vulnerable to snooping?
Here comes SSL (look the preceding messages). How password is sent -
is one task (for SSL), how password is stored at the server side - is
another
(I suggested encrypting for server side pwd file).
For some tasks clear text transmission might be acceptable (as in my case).
We have postponed this issue for better times.
But now I realise - my sample works on the client as well - and let them see
it,
the password still can not be decoded unless you have the password itself.
If anybody is interested in 128-bit (or more) variant email me (ONLY me -
do not spam the list, I do not want to be charged for that). I also have got
the initial RSA package which I used - but still can not remember where I
found it.
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet API
Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Milt Epstein
Sent: Tuesday, February 01, 2000 7:06 PM
To: [EMAIL PROTECTED]
Subject: Re: Encryption !!
On Tue, 1 Feb 2000, Mikhail A.Golovanov wrote:
> You'd better not encrypt passwords on the client side - and there is
> no need to do so. At least I did not mean that. You POST
> username/password to a servlet as usual and that servlet does all
> the necessary calculations and checking.
[ ... ]
But then isn't the password being sent in the clear, and hence
vulnerable to snooping?
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
