You'd better not encrypt passwords on the client side - and there is no
need to do so. At least I did not mean that. You POST username/password
to a servlet as usual and that servlet does all the necessary calculations
and
checking.
So no Javascript, God forbid.
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet API
Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Meghadri
Ghosh
Sent: Monday, January 31, 2000 7:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Encryption !!
SSL would probably be the most practical solution, and would be acceptable
to the clients of the products. I have not done much work in Java or
Javascript, but I am not sure how the arithmetic required for the encryption
code could be managed in Javascript. (Implement it in an applet, instead?).
I have tinkered around with n-bit arithmetic in C/C++, and felt never too
sure whether the implementation was correct through the range of number
covered by the bit length :)
Could the Javascript be hidden, at least at a superficial level, by defining
it in a separate file which is included via the SRC tag, or using
document.write(...). It has been my observation that viewing the source from
the browser, simply displays these including tags, and not the script code.
- meghadri
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
