> Where do you do the md5 hash: client side or server side?
> Do you hash JUST the
> password, or other identifying information as well?
Server side.
> then you're transmitting the actual password in
> plaintext, and I don't see
> where the hash helps.
We rely on SSL for this security. :)
On Friday 19 April 2002 01:56 pm, Bill Eldridge wrote:
> Chuck Esterbrook wrote:
> > On Friday 19 April 2002 08:26 am, Geoffrey Talvola wrote:
> > > Perhaps Chuck could tackle these items, since he's the
> > > most familiar with the exception reporting code, having
> > > significantly enhanced it
Chuck Esterbrook wrote:
>
> On Friday 19 April 2002 08:26 am, Geoffrey Talvola wrote:
> > Perhaps Chuck could tackle these items, since he's the most
> > familiar with the exception reporting code, having significantly
> > enhanced it recently. Or at least provide some help on how
> > to make the
On Thursday 18 April 2002 08:46 pm, Luke Opperman wrote:
> Passwords: We're using md5 hashes. If a user loses their
> password, we generate a new one and ask them to change it
> once they login.
I think it's Amazon that generates a URL for you instead of a new
password. You click on it and set a
On Friday 19 April 2002 08:26 am, Geoffrey Talvola wrote:
> Perhaps Chuck could tackle these items, since he's the most
> familiar with the exception reporting code, having significantly
> enhanced it recently. Or at least provide some help on how
> to make these changes.
Ah, the infamous pressur
Why not just mail a one line summary of the error, (Exception,line
number), with a reference to a secure URI where you can pick up the full
gory details?
___
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/w
Luke Opperman wrote:
> Which leads to a problem: the CC number/info are sent
> plaintext in the emails. So, what are you guys doing for
> this? Would it be possible to have someway in Webware to
> set some form fields that are NOT logged/emailed?
Not currently.
I'm not really sure how to do it e
Luke Opperman wrote:
> Which leads to a problem: the CC number/info are sent
> plaintext in the emails. So, what are you guys doing for
> this? Would it be possible to have someway in Webware to
> set some form fields that are NOT logged/emailed?
find where it's being mailed.
fullmail = self.ful
Chuck Esterbrook wrote:
> I need to encrypt the passwords and credit card numbers in my database.
> Any recommendations on an approach?
There's a Python Twofish module that looks
simple to use and is rather fast and secure
http://sourceforge.net/projects/twofish-py/
There's also Ycrypt, which
- Original Message -
From: "Luke Opperman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 18, 2002 11:46 PM
Subject: Re: [Webware-discuss] encryption
> Passwords: We're using md5 hashes. If a user loses their
> password, we generate a new one
Passwords: We're using md5 hashes. If a user loses their
password, we generate a new one and ask them to change it
once they login.
Credit Cards: PGP pairs. But I've got a question specific
to WebWare here:
We're in the middle of our first CC site in Webware, and
have been logging/emailing error
> I need to encrypt the passwords and credit card numbers in my database.
> Any recommendations on an approach?
There's an informative Slashdot thread on the topic of protecting billing
information. It probably goes beyond what concerns you, and is more
concerned with practices than specific tech
t; To: [EMAIL PROTECTED]
> Subject: [Webware-discuss] encryption
>
>
> I need to encrypt the passwords and credit card numbers in my database.
> Any recommendations on an approach?
If there's any way to store the information behind a firewall, that
would be the best. The webs
f you ever
want to tell them what their password _was_.
--jim
-Original Message-
From: Chuck Esterbrook [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 18, 2002 4:20 PM
To: [EMAIL PROTECTED]
Subject: [Webware-discuss] encryption
I need to encrypt the passwords and credit card numbers
I need to encrypt the passwords and credit card numbers in my database.
Any recommendations on an approach?
-Chuck
___
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
15 matches
Mail list logo
