Why not use a password field to keep the value hidden and SSL to make sure 
there are no man in the middle attacks.  Seems like you are making it too hard?

----- Original Message -----
From: mzem...@osc.state.ny.us
To:
users@wicket.apache.org
Sent: Mon, 02 Aug 2010 15:00:55 -0400
Subject:
Encrypt Form Fields Using JS


> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
> 
> Solution:  Create behavior which fires javascript to hash field value and 
> replace original value (###-##-####)
> 
> This sounds simple enough, but since the length of the hashed string will 
> be considerably longer than the original string, validations on this field 
> (ssn must be nine digits) will fail.
> 
> I've considered placing the hashed value into a hidden field, but then the 
> unencrypted value will be posted and the hashing accomplishes nothing.  If 
> I clear out the original value I lose server-side validations.  Anyone 
> have any ideas of the best way to accomplish this?
> 
> 
> 
> Notice: This communication, including any attachments, is intended solely 
> for the use of the individual or entity to which it is addressed. This 
> communication may contain information that is protected from disclosure 
> under State and/or Federal law. Please notify the sender immediately if 
> you have received this communication in error and delete this email from 
> your system. If you are not the intended recipient, you are requested not 
> to disclose, copy, distribute or take any action in reliance on the 
> contents of this information.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to