so how do you expect to validate on server side???

-igor

On Mon, Aug 2, 2010 at 12:29 PM,  <mzem...@osc.state.ny.us> wrote:
> Thanks for the reply, that would work however per our business rules the
> encryption must be one-way and will not be decrypted...
>
>
>
>
> Igor Vaynberg <igor.vaynb...@gmail.com>
> 08/02/2010 03:23 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> override getinputasarray() on the field and decrypt it there, that way
> wicket sees the decrypted value
>
> -igor
>
> On Mon, Aug 2, 2010 at 12:14 PM,  <mzem...@osc.state.ny.us> wrote:
>> I totally agree, seems like double-duty that accomplishes very little,
> and
>> actually adds overhead.  But this is another debate and the feature has
>> been requested and must be implemented as I described...
>>
>>
>>
>>
>> "Craig McIlwee" <craig.mcil...@openroadsconsulting.com>
>> 08/02/2010 03:06 PM
>> Please respond to
>> users@wicket.apache.org
>>
>>
>> To
>> users@wicket.apache.org
>> cc
>>
>> Subject
>> Re: Encrypt Form Fields Using JS
>>
>>
>>
>>
>>
>>
>> Why not use a password field to keep the value hidden and SSL to make
> sure
>> there are no man in the middle attacks.  Seems like you are making it
> too
>> hard?
>>
>> ----- Original Message -----
>> From: mzem...@osc.state.ny.us
>> To:
>> users@wicket.apache.org
>> Sent: Mon, 02 Aug 2010 15:00:55 -0400
>> Subject:
>> Encrypt Form Fields Using JS
>>
>>
>>> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
>>>
>>> Solution:  Create behavior which fires javascript to hash field value
>> and
>>> replace original value (###-##-####)
>>>
>>> This sounds simple enough, but since the length of the hashed string
>> will
>>> be considerably longer than the original string, validations on this
>> field
>>> (ssn must be nine digits) will fail.
>>>
>>> I've considered placing the hashed value into a hidden field, but then
>> the
>>> unencrypted value will be posted and the hashing accomplishes nothing.
>> If
>>> I clear out the original value I lose server-side validations.  Anyone
>>> have any ideas of the best way to accomplish this?
>>>
>>>
>>>
>>> Notice: This communication, including any attachments, is intended
>> solely
>>> for the use of the individual or entity to which it is addressed. This
>>> communication may contain information that is protected from disclosure
>>> under State and/or Federal law. Please notify the sender immediately if
>>> you have received this communication in error and delete this email
> from
>>
>>> your system. If you are not the intended recipient, you are requested
>> not
>>> to disclose, copy, distribute or take any action in reliance on the
>>> contents of this information.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>>
>>
>>
>>
>> Notice: This communication, including any attachments, is intended
> solely
>> for the use of the individual or entity to which it is addressed. This
>> communication may contain information that is protected from disclosure
>> under State and/or Federal law. Please notify the sender immediately if
>> you have received this communication in error and delete this email from
>> your system. If you are not the intended recipient, you are requested
> not
>> to disclose, copy, distribute or take any action in reliance on the
>> contents of this information.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
>
>
>
>
> Notice: This communication, including any attachments, is intended solely
> for the use of the individual or entity to which it is addressed. This
> communication may contain information that is protected from disclosure
> under State and/or Federal law. Please notify the sender immediately if
> you have received this communication in error and delete this email from
> your system. If you are not the intended recipient, you are requested not
> to disclose, copy, distribute or take any action in reliance on the
> contents of this information.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to