So, you never need to get the original values out of the database?

On Tue, Aug 3, 2010 at 2:10 PM, <mzem...@osc.state.ny.us> wrote:

> An already existing system is being rewritten and the db currently stores
> hashed values.  I don't disagree there are better ways to reach the end
> goal, but this is the spec I am working with.
>
>
>
>
> James Carman <ja...@carmanconsulting.com>
> Sent by: jcar...@carmanconsulting.com
> 08/03/2010 01:45 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> And, what does that buy you?  Why do you want to submit one-way hashed
> values?
>
> On Tue, Aug 3, 2010 at 1:37 PM, <mzem...@osc.state.ny.us> wrote:
>
> > Ok, the value will be hashed, one-way...anyone have any ideas?
> >
> >
> >
> >
> > James Carman <ja...@carmanconsulting.com>
> > Sent by: jcar...@carmanconsulting.com
> > 08/02/2010 04:42 PM
> > Please respond to
> > users@wicket.apache.org
> >
> >
> > To
> > users@wicket.apache.org
> > cc
> >
> > Subject
> > Re: Encrypt Form Fields Using JS
> >
> >
> >
> >
> >
> >
> > Then it's not "encryption".  Encrypted data should be readable to those
> > who
> > have the "key."
> >
> > On Mon, Aug 2, 2010 at 3:29 PM, <mzem...@osc.state.ny.us> wrote:
> >
> > > Thanks for the reply, that would work however per our business rules
> the
> > > encryption must be one-way and will not be decrypted...
> > >
> > >
> > >
> > >
> > > Igor Vaynberg <igor.vaynb...@gmail.com>
> > > 08/02/2010 03:23 PM
> > > Please respond to
> > > users@wicket.apache.org
> > >
> > >
> > > To
> > > users@wicket.apache.org
> > > cc
> > >
> > > Subject
> > > Re: Encrypt Form Fields Using JS
> > >
> > >
> > >
> > >
> > >
> > >
> > > override getinputasarray() on the field and decrypt it there, that way
> > > wicket sees the decrypted value
> > >
> > > -igor
> > >
> > > On Mon, Aug 2, 2010 at 12:14 PM,  <mzem...@osc.state.ny.us> wrote:
> > > > I totally agree, seems like double-duty that accomplishes very
> little,
> > > and
> > > > actually adds overhead.  But this is another debate and the feature
> > has
> > > > been requested and must be implemented as I described...
> > > >
> > > >
> > > >
> > > >
> > > > "Craig McIlwee" <craig.mcil...@openroadsconsulting.com>
> > > > 08/02/2010 03:06 PM
> > > > Please respond to
> > > > users@wicket.apache.org
> > > >
> > > >
> > > > To
> > > > users@wicket.apache.org
> > > > cc
> > > >
> > > > Subject
> > > > Re: Encrypt Form Fields Using JS
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Why not use a password field to keep the value hidden and SSL to
> make
> > > sure
> > > > there are no man in the middle attacks.  Seems like you are making
> it
> > > too
> > > > hard?
> > > >
> > > > ----- Original Message -----
> > > > From: mzem...@osc.state.ny.us
> > > > To:
> > > > users@wicket.apache.org
> > > > Sent: Mon, 02 Aug 2010 15:00:55 -0400
> > > > Subject:
> > > > Encrypt Form Fields Using JS
> > > >
> > > >
> > > >> Problem: Encrypt sensitive form fields (ie ssn) on client
> > (javascript)
> > > >>
> > > >> Solution:  Create behavior which fires javascript to hash field
> value
> > > > and
> > > >> replace original value (###-##-####)
> > > >>
> > > >> This sounds simple enough, but since the length of the hashed
> string
> > > > will
> > > >> be considerably longer than the original string, validations on
> this
> > > > field
> > > >> (ssn must be nine digits) will fail.
> > > >>
> > > >> I've considered placing the hashed value into a hidden field, but
> > then
> > > > the
> > > >> unencrypted value will be posted and the hashing accomplishes
> > nothing.
> > > > If
> > > >> I clear out the original value I lose server-side validations.
> Anyone
> > > >> have any ideas of the best way to accomplish this?
> > > >>
> > > >>
> > > >>
> > > >> Notice: This communication, including any attachments, is intended
> > > > solely
> > > >> for the use of the individual or entity to which it is addressed.
> > This
> > > >> communication may contain information that is protected from
> > disclosure
> > > >> under State and/or Federal law. Please notify the sender
> immediately
> > if
> > > >> you have received this communication in error and delete this email
> > > from
> > > >
> > > >> your system. If you are not the intended recipient, you are
> requested
> > > > not
> > > >> to disclose, copy, distribute or take any action in reliance on the
> > > >> contents of this information.
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > > > For additional commands, e-mail: users-h...@wicket.apache.org
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Notice: This communication, including any attachments, is intended
> > > solely
> > > > for the use of the individual or entity to which it is addressed.
> This
> > > > communication may contain information that is protected from
> > disclosure
> > > > under State and/or Federal law. Please notify the sender immediately
> > if
> > > > you have received this communication in error and delete this email
> > from
> > > > your system. If you are not the intended recipient, you are
> requested
> > > not
> > > > to disclose, copy, distribute or take any action in reliance on the
> > > > contents of this information.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > > For additional commands, e-mail: users-h...@wicket.apache.org
> > >
> > >
> > >
> > >
> > >
> > >
> > > Notice: This communication, including any attachments, is intended
> > solely
> > > for the use of the individual or entity to which it is addressed. This
> > > communication may contain information that is protected from
> disclosure
> > > under State and/or Federal law. Please notify the sender immediately
> if
> > > you have received this communication in error and delete this email
> from
> > > your system. If you are not the intended recipient, you are requested
> > not
> > > to disclose, copy, distribute or take any action in reliance on the
> > > contents of this information.
> > >
> >
> >
> >
> >
> >
> > Notice: This communication, including any attachments, is intended
> solely
> > for the use of the individual or entity to which it is addressed. This
> > communication may contain information that is protected from disclosure
> > under State and/or Federal law. Please notify the sender immediately if
> > you have received this communication in error and delete this email from
> > your system. If you are not the intended recipient, you are requested
> not
> > to disclose, copy, distribute or take any action in reliance on the
> > contents of this information.
>
>
>
>
>
> Notice: This communication, including any attachments, is intended solely
> for the use of the individual or entity to which it is addressed. This
> communication may contain information that is protected from disclosure
> under State and/or Federal law. Please notify the sender immediately if
> you have received this communication in error and delete this email from
> your system. If you are not the intended recipient, you are requested not
> to disclose, copy, distribute or take any action in reliance on the
> contents of this information.
>

Reply via email to