I totally agree, seems like double-duty that accomplishes very little, and 
actually adds overhead.  But this is another debate and the feature has 
been requested and must be implemented as I described...




"Craig McIlwee" <craig.mcil...@openroadsconsulting.com> 
08/02/2010 03:06 PM
Please respond to
users@wicket.apache.org


To
users@wicket.apache.org
cc

Subject
Re: Encrypt Form Fields Using JS






Why not use a password field to keep the value hidden and SSL to make sure 
there are no man in the middle attacks.  Seems like you are making it too 
hard?

----- Original Message -----
From: mzem...@osc.state.ny.us
To:
users@wicket.apache.org
Sent: Mon, 02 Aug 2010 15:00:55 -0400
Subject:
Encrypt Form Fields Using JS


> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
> 
> Solution:  Create behavior which fires javascript to hash field value 
and 
> replace original value (###-##-####)
> 
> This sounds simple enough, but since the length of the hashed string 
will 
> be considerably longer than the original string, validations on this 
field 
> (ssn must be nine digits) will fail.
> 
> I've considered placing the hashed value into a hidden field, but then 
the 
> unencrypted value will be posted and the hashing accomplishes nothing. 
If 
> I clear out the original value I lose server-side validations.  Anyone 
> have any ideas of the best way to accomplish this?
> 
> 
> 
> Notice: This communication, including any attachments, is intended 
solely 
> for the use of the individual or entity to which it is addressed. This 
> communication may contain information that is protected from disclosure 
> under State and/or Federal law. Please notify the sender immediately if 
> you have received this communication in error and delete this email from 

> your system. If you are not the intended recipient, you are requested 
not 
> to disclose, copy, distribute or take any action in reliance on the 
> contents of this information.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org






Notice: This communication, including any attachments, is intended solely 
for the use of the individual or entity to which it is addressed. This 
communication may contain information that is protected from disclosure 
under State and/or Federal law. Please notify the sender immediately if 
you have received this communication in error and delete this email from 
your system. If you are not the intended recipient, you are requested not 
to disclose, copy, distribute or take any action in reliance on the 
contents of this information.

Reply via email to