Thiag Jayachandran wrote: > You can use ENCRYPT and DECRYPT functions which are available in jbase > and there is no routine/functions available in T24 core for this > purpose. T24 user password is using one way algorithem and it cant be > decrypted so its better to use ENCRYPT and DECRYPT functions for your > requirement > > you can get more info > > http://www.jbase.com/knowledgebase/manuals/3.0/30manpages/man/jbc2_ENCRYPT.htm > Unless the things being protected by passwords are not particularly important, I strongly suggest that you re-think how you are doing this. The ENCRYPT and DECRYPT routines are really there as legacy functions and the algorithms they employ are way too simple to be regarded as secure in any way.
In the field of security and encryption it has long been known that anything that involves storing keys in any obvious way is inherently insecure. So even with a very string encryption, if the key is stored on disk or in a program then it is relatively easy to hack it. The suggested mechanism would immediately fail any decent security audit. Conversely, if the key is something that must be typed in, then it will have to be given to people - most of whom will write it on a slip of paper and put it in their wallets. Finally, most fraud is perpetrated by people with access to systems, in which case there isn't much you can do in software except create an audit trail. Jim --~--~---------~--~----~------------~-------~--~----~ Please read the posting guidelines at: http://groups.google.com/group/jBASE/web/Posting%20Guidelines IMPORTANT: Type T24: at the start of the subject line for questions specific to Globus/T24 To post, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit this group at http://groups.google.com/group/jBASE?hl=en -~----------~----~----~----~------~----~------~--~---
