The only thing I've come up with to meet all the requirements is to set the hashed value to a hidden field, and replace the original value (123-45-6789) with all nines (999-99-9999). This would allow the validator to pass but puts a requirement on the js to validate the original value, ie it should not replace a 'Q' with a '9'
Igor Vaynberg <igor.vaynb...@gmail.com> 08/02/2010 03:46 PM Please respond to users@wicket.apache.org To users@wicket.apache.org cc Subject Re: Encrypt Form Fields Using JS so how do you expect to validate on server side??? -igor On Mon, Aug 2, 2010 at 12:29 PM, <mzem...@osc.state.ny.us> wrote: > Thanks for the reply, that would work however per our business rules the > encryption must be one-way and will not be decrypted... > > > > > Igor Vaynberg <igor.vaynb...@gmail.com> > 08/02/2010 03:23 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > override getinputasarray() on the field and decrypt it there, that way > wicket sees the decrypted value > > -igor > > On Mon, Aug 2, 2010 at 12:14 PM, <mzem...@osc.state.ny.us> wrote: >> I totally agree, seems like double-duty that accomplishes very little, > and >> actually adds overhead. But this is another debate and the feature has >> been requested and must be implemented as I described... >> >> >> >> >> "Craig McIlwee" <craig.mcil...@openroadsconsulting.com> >> 08/02/2010 03:06 PM >> Please respond to >> users@wicket.apache.org >> >> >> To >> users@wicket.apache.org >> cc >> >> Subject >> Re: Encrypt Form Fields Using JS >> >> >> >> >> >> >> Why not use a password field to keep the value hidden and SSL to make > sure >> there are no man in the middle attacks. Seems like you are making it > too >> hard? >> >> ----- Original Message ----- >> From: mzem...@osc.state.ny.us >> To: >> users@wicket.apache.org >> Sent: Mon, 02 Aug 2010 15:00:55 -0400 >> Subject: >> Encrypt Form Fields Using JS >> >> >>> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript) >>> >>> Solution: Create behavior which fires javascript to hash field value >> and >>> replace original value (###-##-####) >>> >>> This sounds simple enough, but since the length of the hashed string >> will >>> be considerably longer than the original string, validations on this >> field >>> (ssn must be nine digits) will fail. >>> >>> I've considered placing the hashed value into a hidden field, but then >> the >>> unencrypted value will be posted and the hashing accomplishes nothing. >> If >>> I clear out the original value I lose server-side validations. Anyone >>> have any ideas of the best way to accomplish this? >>> >>> >>> >>> Notice: This communication, including any attachments, is intended >> solely >>> for the use of the individual or entity to which it is addressed. This >>> communication may contain information that is protected from disclosure >>> under State and/or Federal law. Please notify the sender immediately if >>> you have received this communication in error and delete this email > from >> >>> your system. If you are not the intended recipient, you are requested >> not >>> to disclose, copy, distribute or take any action in reliance on the >>> contents of this information. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> >> >> >> >> >> Notice: This communication, including any attachments, is intended > solely >> for the use of the individual or entity to which it is addressed. This >> communication may contain information that is protected from disclosure >> under State and/or Federal law. Please notify the sender immediately if >> you have received this communication in error and delete this email from >> your system. If you are not the intended recipient, you are requested > not >> to disclose, copy, distribute or take any action in reliance on the >> contents of this information. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > > > > Notice: This communication, including any attachments, is intended solely > for the use of the individual or entity to which it is addressed. This > communication may contain information that is protected from disclosure > under State and/or Federal law. Please notify the sender immediately if > you have received this communication in error and delete this email from > your system. If you are not the intended recipient, you are requested not > to disclose, copy, distribute or take any action in reliance on the > contents of this information. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org Notice: This communication, including any attachments, is intended solely for the use of the individual or entity to which it is addressed. This communication may contain information that is protected from disclosure under State and/or Federal law. Please notify the sender immediately if you have received this communication in error and delete this email from your system. If you are not the intended recipient, you are requested not to disclose, copy, distribute or take any action in reliance on the contents of this information.