On Tue, Aug 3, 2010 at 1:24 PM, <mzem...@osc.state.ny.us> wrote: > I have to laugh because I also agree its kind of crazy... > > Yes the original value must be hashed by the client. The reasoning being > that SSL could be broken and expose the data. I don't necessarily agree > but thats how the original system was written. >
Client side JavaScript can certainly be broken *MUCH* easier than SSL. Perhaps the following reference [1] will help you resolve this situation :) 1 - http://jobsearch.monster.com/PowerSearch.aspx?tjt=Programmer&where=New%20York -- Jeremy Thomerson http://www.wickettraining.com