And, what does that buy you?  Why do you want to submit one-way hashed
values?

On Tue, Aug 3, 2010 at 1:37 PM, <mzem...@osc.state.ny.us> wrote:

> Ok, the value will be hashed, one-way...anyone have any ideas?
>
>
>
>
> James Carman <ja...@carmanconsulting.com>
> Sent by: jcar...@carmanconsulting.com
> 08/02/2010 04:42 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> Then it's not "encryption".  Encrypted data should be readable to those
> who
> have the "key."
>
> On Mon, Aug 2, 2010 at 3:29 PM, <mzem...@osc.state.ny.us> wrote:
>
> > Thanks for the reply, that would work however per our business rules the
> > encryption must be one-way and will not be decrypted...
> >
> >
> >
> >
> > Igor Vaynberg <igor.vaynb...@gmail.com>
> > 08/02/2010 03:23 PM
> > Please respond to
> > users@wicket.apache.org
> >
> >
> > To
> > users@wicket.apache.org
> > cc
> >
> > Subject
> > Re: Encrypt Form Fields Using JS
> >
> >
> >
> >
> >
> >
> > override getinputasarray() on the field and decrypt it there, that way
> > wicket sees the decrypted value
> >
> > -igor
> >
> > On Mon, Aug 2, 2010 at 12:14 PM,  <mzem...@osc.state.ny.us> wrote:
> > > I totally agree, seems like double-duty that accomplishes very little,
> > and
> > > actually adds overhead.  But this is another debate and the feature
> has
> > > been requested and must be implemented as I described...
> > >
> > >
> > >
> > >
> > > "Craig McIlwee" <craig.mcil...@openroadsconsulting.com>
> > > 08/02/2010 03:06 PM
> > > Please respond to
> > > users@wicket.apache.org
> > >
> > >
> > > To
> > > users@wicket.apache.org
> > > cc
> > >
> > > Subject
> > > Re: Encrypt Form Fields Using JS
> > >
> > >
> > >
> > >
> > >
> > >
> > > Why not use a password field to keep the value hidden and SSL to make
> > sure
> > > there are no man in the middle attacks.  Seems like you are making it
> > too
> > > hard?
> > >
> > > ----- Original Message -----
> > > From: mzem...@osc.state.ny.us
> > > To:
> > > users@wicket.apache.org
> > > Sent: Mon, 02 Aug 2010 15:00:55 -0400
> > > Subject:
> > > Encrypt Form Fields Using JS
> > >
> > >
> > >> Problem: Encrypt sensitive form fields (ie ssn) on client
> (javascript)
> > >>
> > >> Solution:  Create behavior which fires javascript to hash field value
> > > and
> > >> replace original value (###-##-####)
> > >>
> > >> This sounds simple enough, but since the length of the hashed string
> > > will
> > >> be considerably longer than the original string, validations on this
> > > field
> > >> (ssn must be nine digits) will fail.
> > >>
> > >> I've considered placing the hashed value into a hidden field, but
> then
> > > the
> > >> unencrypted value will be posted and the hashing accomplishes
> nothing.
> > > If
> > >> I clear out the original value I lose server-side validations. Anyone
> > >> have any ideas of the best way to accomplish this?
> > >>
> > >>
> > >>
> > >> Notice: This communication, including any attachments, is intended
> > > solely
> > >> for the use of the individual or entity to which it is addressed.
> This
> > >> communication may contain information that is protected from
> disclosure
> > >> under State and/or Federal law. Please notify the sender immediately
> if
> > >> you have received this communication in error and delete this email
> > from
> > >
> > >> your system. If you are not the intended recipient, you are requested
> > > not
> > >> to disclose, copy, distribute or take any action in reliance on the
> > >> contents of this information.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > > For additional commands, e-mail: users-h...@wicket.apache.org
> > >
> > >
> > >
> > >
> > >
> > >
> > > Notice: This communication, including any attachments, is intended
> > solely
> > > for the use of the individual or entity to which it is addressed. This
> > > communication may contain information that is protected from
> disclosure
> > > under State and/or Federal law. Please notify the sender immediately
> if
> > > you have received this communication in error and delete this email
> from
> > > your system. If you are not the intended recipient, you are requested
> > not
> > > to disclose, copy, distribute or take any action in reliance on the
> > > contents of this information.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > For additional commands, e-mail: users-h...@wicket.apache.org
> >
> >
> >
> >
> >
> >
> > Notice: This communication, including any attachments, is intended
> solely
> > for the use of the individual or entity to which it is addressed. This
> > communication may contain information that is protected from disclosure
> > under State and/or Federal law. Please notify the sender immediately if
> > you have received this communication in error and delete this email from
> > your system. If you are not the intended recipient, you are requested
> not
> > to disclose, copy, distribute or take any action in reliance on the
> > contents of this information.
> >
>
>
>
>
>
> Notice: This communication, including any attachments, is intended solely
> for the use of the individual or entity to which it is addressed. This
> communication may contain information that is protected from disclosure
> under State and/or Federal law. Please notify the sender immediately if
> you have received this communication in error and delete this email from
> your system. If you are not the intended recipient, you are requested not
> to disclose, copy, distribute or take any action in reliance on the
> contents of this information.

Reply via email to