I should make it clear, the intention is to use SSL and JS one-way hash,
not just JS...
Jeremy Thomerson
08/03/2010 03:49 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
On Tue, Aug 3, 2010 at 1:24 PM, wrote:
>
On Tue, Aug 3, 2010 at 1:24 PM, wrote:
> I have to laugh because I also agree its kind of crazy...
>
> Yes the original value must be hashed by the client. The reasoning being
> that SSL could be broken and expose the data. I don't necessarily agree
> but thats how the original system was writt
sulting.com
> 08/03/2010 02:19 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> And, you don't want to convert it before you store it in the db? I
s. There are plenty of jquery or standalone javascript ssn
validators out there.
-Original Message-
From: mzem...@osc.state.ny.us [mailto:mzem...@osc.state.ny.us]
Sent: Tuesday, August 03, 2010 2:24 PM
To: users@wicket.apache.org
Subject: Re: Encrypt Form Fields Using JS
I have to
jcar...@carmanconsulting.com
08/03/2010 02:19 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
And, you don't want to convert it before you store it in the db? It must
be
converted at the browser level? Is there any more infor
James Carman
> Sent by: jcar...@carmanconsulting.com
> 08/03/2010 02:12 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> So, you never need to
Correct
James Carman
Sent by: jcar...@carmanconsulting.com
08/03/2010 02:12 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
So, you never need to get the original values out of the database?
On Tue, Aug 3, 2010 at
the spec I am working with.
>
>
>
>
> James Carman
> Sent by: jcar...@carmanconsulting.com
> 08/03/2010 01:45 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
And, what does that buy you? Why do you want to submit one-way hashed
values?
On Tue, Aug 3, 2010 at 1:37 PM, wrote:
> Ok, the value will be hashed, one-way...anyone have any ideas?
>
&g
2 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> Then it's not "encryption". Encrypted data should be readable to those
> who
> ha
Ok, the value will be hashed, one-way...anyone have any ideas?
James Carman
Sent by: jcar...@carmanconsulting.com
08/02/2010 04:42 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
Then it's not "
.
>
>
>
>
> Igor Vaynberg
> 08/02/2010 03:23 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> override getinputasarray() on th
ie it should not replace a 'Q' with a '9'
Igor Vaynberg
08/02/2010 03:46 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
so how do you expect to validate on server side???
-igor
On Mon, Aug 2,
3:23 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form Fields Using JS
>
>
>
>
>
>
> override getinputasarray() on the field and decrypt it there, that way
> wicket sees th
Thanks for the reply, that would work however per our business rules the
encryption must be one-way and will not be decrypted...
Igor Vaynberg
08/02/2010 03:23 PM
Please respond to
users@wicket.apache.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
nd the feature has
> been requested and must be implemented as I described...
>
>
>
>
> "Craig McIlwee"
> 08/02/2010 03:06 PM
> Please respond to
> users@wicket.apache.org
>
>
> To
> users@wicket.apache.org
> cc
>
> Subject
> Re: Encrypt Form
e.org
To
users@wicket.apache.org
cc
Subject
Re: Encrypt Form Fields Using JS
Why not use a password field to keep the value hidden and SSL to make sure
there are no man in the middle attacks. Seems like you are making it too
hard?
- Original Message -
From: mzem...@osc.state.ny.us
Form Fields Using JS
> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
>
> Solution: Create behavior which fires javascript to hash field value and
> replace original value (###-##-)
>
> This sounds simple enough, but since the length of the hashed
Problem: Encrypt sensitive form fields (ie ssn) on client (javascript)
Solution: Create behavior which fires javascript to hash field value and
replace original value (###-##-)
This sounds simple enough, but since the length of the hashed string will
be considerably longer than the origina
19 matches
Mail list logo
