override getinputasarray() on the field and decrypt it there, that way wicket sees the decrypted value
-igor On Mon, Aug 2, 2010 at 12:14 PM, <mzem...@osc.state.ny.us> wrote: > I totally agree, seems like double-duty that accomplishes very little, and > actually adds overhead. But this is another debate and the feature has > been requested and must be implemented as I described... > > > > > "Craig McIlwee" <craig.mcil...@openroadsconsulting.com> > 08/02/2010 03:06 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > Why not use a password field to keep the value hidden and SSL to make sure > there are no man in the middle attacks. Seems like you are making it too > hard? > > ----- Original Message ----- > From: mzem...@osc.state.ny.us > To: > users@wicket.apache.org > Sent: Mon, 02 Aug 2010 15:00:55 -0400 > Subject: > Encrypt Form Fields Using JS > > >> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript) >> >> Solution: Create behavior which fires javascript to hash field value > and >> replace original value (###-##-####) >> >> This sounds simple enough, but since the length of the hashed string > will >> be considerably longer than the original string, validations on this > field >> (ssn must be nine digits) will fail. >> >> I've considered placing the hashed value into a hidden field, but then > the >> unencrypted value will be posted and the hashing accomplishes nothing. > If >> I clear out the original value I lose server-side validations. Anyone >> have any ideas of the best way to accomplish this? >> >> >> >> Notice: This communication, including any attachments, is intended > solely >> for the use of the individual or entity to which it is addressed. This >> communication may contain information that is protected from disclosure >> under State and/or Federal law. Please notify the sender immediately if >> you have received this communication in error and delete this email from > >> your system. If you are not the intended recipient, you are requested > not >> to disclose, copy, distribute or take any action in reliance on the >> contents of this information. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > > > > Notice: This communication, including any attachments, is intended solely > for the use of the individual or entity to which it is addressed. This > communication may contain information that is protected from disclosure > under State and/or Federal law. Please notify the sender immediately if > you have received this communication in error and delete this email from > your system. If you are not the intended recipient, you are requested not > to disclose, copy, distribute or take any action in reliance on the > contents of this information. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
