> Date: Fri, 09 Mar 2001 16:21:43
> To: [EMAIL PROTECTED]
> From: "Thomas O' Connor" <[EMAIL PROTECTED]>
> Subject: Tomcat security.
> Message-ID: <[EMAIL PROTECTED]>
>
> Does anyone know a simple way to encrypt information sent
> from a jsp page
> hosted on tomcat and then decrypt the info when it reaches
> the database(ms
> access).
> Any help appreciated.
> Tom.
Typically the information isn't sent from the jsp page it's sent by the client's
browser.
If you are sending sensitive information as well as receiving it your simplest option
is SSL :-) It isn't that difficult to set up
considering the possible security holes or development overhead in the alternatives.
There are various applet/servlet methods that would allow you to encrypt two way
communications between the browser and Tomcat.
I believe there are also Javascript methods to do the same. The problem with those is
they don't work with Netscape (in my
experience you can't modify a hidden field on Netscape which would force you to fall
back to opening and populating a new browser
window (min size 100 x 100) with the encrypted data and then posting that.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
