Bragg, Casey wrote:
>
> I'm looking for any ideas on how to communicate a password
> (entered into a browser form on a jsp page) to a servlet or bean securely.
>
> As far as I can tell, on a POST my password text is plainly exposed
> (unencrypted) as it traverses HTTP back to the server.  This can't be
> the norm.  How do Yahoo, Excite and others implement this when logging on?

        You use the secure server protocol (HTTP over SSL) to talk to the
server.  When you are ordering a book next time at Amazon, notice that
when you are typing your password the little padlock is lit up.  That
means you are using SSL and so the messages are confidential (as well as
being not susceptible to replay attacks and other message integrity
problems).


--
Take a walk on the wild side: http://www.metronet.com/~gardner/

There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
                                The Grateful Dead ("Ripple")
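
One way to make sure the login form from the question is only ever served and submitted over SSL, as an added example that is not part of the original messages. The class name RequireHttpsFilter and the init-param name httpsHost are hypothetical; the filter is assumed to be mapped to the login JSP and servlet in web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: keeps the login form and its POST on HTTPS only. */
public class RequireHttpsFilter implements Filter {
    // Public HTTPS host name, read from the (hypothetical) init-param "httpsHost".
    private String httpsHost;

    public void init(FilterConfig config) throws ServletException {
        httpsHost = config.getInitParameter("httpsHost");
        if (httpsHost == null || httpsHost.isEmpty()) {
            throw new ServletException("init-param httpsHost is required");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.isSecure()) {
            // Request arrived over SSL: let the JSP or servlet handle it.
            chain.doFilter(req, res);
            return;
        }
        if ("GET".equals(request.getMethod())) {
            // Serve the form itself over HTTPS so that its POST goes over HTTPS too.
            // The host comes from configuration, not from the client's Host header.
            response.sendRedirect("https://" + httpsHost + request.getRequestURI());
            return;
        }
        // A POST over plain HTTP has already sent the password unencrypted.
        // Refuse it instead of redirecting, so the misconfiguration is visible.
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Login requires HTTPS");
    }

    public void destroy() { }
}
```

If SSL is terminated on a proxy in front of the servlet container, isSecure() reports the proxy-to-container hop, so the container has to be configured to know the original scheme.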
