On Tue, Aug 3, 2010 at 1:24 PM, <mzem...@osc.state.ny.us> wrote:

> I have to laugh because I also agree its kind of crazy...
> Yes the original value must be hashed by the client.  The reasoning being
> that SSL could be broken and expose the data.  I don't necessarily agree
> but thats how the original system was written.

Client side JavaScript can certainly be broken *MUCH* easier than SSL.
 Perhaps the following reference [1] will help you resolve this situation :)

1 -

Jeremy Thomerson

Reply via email to