Nic Ferrier wrote,
> This might be beneficial to the whole list... It
> *is* an enormous kludge though.
It's also totally insecure ... I hope noone is going to
rely on it for anything even faintly critical.
> The only problem with this is how to ensure:
> 1. that the applet gets sent
> 2. that the applet is initialised with the key to
> the cipher text properly
> and also:
> 3. how to deal with stuff that must come FROM the
> client encrypted,
These are the least of your problems. What's to prevent
an eavsedropper stealing both your page, *and* your
applet? The applet is, in effect, your decryption key,
so it would be *extremely* unwise to send it over an
insecure channel.
> Other than these faily major obstacles the system
> would be a *half way* decent alternative to SSL.
Depends on what you mean by 'half way'. To be honest
your 'solution' doesn't look an awful lot better than Base64 encoding the
plain text ;-)
Cheers,
Miles
--
Miles Sabin Cromwell Media
Internet Systems Architect 5/6 Glenthorne Mews
+44 (0)181 410 2230 London, W6 0LJ
[EMAIL PROTECTED] England
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
