Then it's not "encryption". Encrypted data should be readable to those who have the "key."
On Mon, Aug 2, 2010 at 3:29 PM, <mzem...@osc.state.ny.us> wrote: > Thanks for the reply, that would work however per our business rules the > encryption must be one-way and will not be decrypted... > > > > > Igor Vaynberg <igor.vaynb...@gmail.com> > 08/02/2010 03:23 PM > Please respond to > users@wicket.apache.org > > > To > users@wicket.apache.org > cc > > Subject > Re: Encrypt Form Fields Using JS > > > > > > > override getinputasarray() on the field and decrypt it there, that way > wicket sees the decrypted value > > -igor > > On Mon, Aug 2, 2010 at 12:14 PM, <mzem...@osc.state.ny.us> wrote: > > I totally agree, seems like double-duty that accomplishes very little, > and > > actually adds overhead. But this is another debate and the feature has > > been requested and must be implemented as I described... > > > > > > > > > > "Craig McIlwee" <craig.mcil...@openroadsconsulting.com> > > 08/02/2010 03:06 PM > > Please respond to > > users@wicket.apache.org > > > > > > To > > users@wicket.apache.org > > cc > > > > Subject > > Re: Encrypt Form Fields Using JS > > > > > > > > > > > > > > Why not use a password field to keep the value hidden and SSL to make > sure > > there are no man in the middle attacks. Seems like you are making it > too > > hard? > > > > ----- Original Message ----- > > From: mzem...@osc.state.ny.us > > To: > > users@wicket.apache.org > > Sent: Mon, 02 Aug 2010 15:00:55 -0400 > > Subject: > > Encrypt Form Fields Using JS > > > > > >> Problem: Encrypt sensitive form fields (ie ssn) on client (javascript) > >> > >> Solution: Create behavior which fires javascript to hash field value > > and > >> replace original value (###-##-####) > >> > >> This sounds simple enough, but since the length of the hashed string > > will > >> be considerably longer than the original string, validations on this > > field > >> (ssn must be nine digits) will fail. > >> > >> I've considered placing the hashed value into a hidden field, but then > > the > >> unencrypted value will be posted and the hashing accomplishes nothing. > > If > >> I clear out the original value I lose server-side validations. Anyone > >> have any ideas of the best way to accomplish this? > >> > >> > >> > >> Notice: This communication, including any attachments, is intended > > solely > >> for the use of the individual or entity to which it is addressed. This > >> communication may contain information that is protected from disclosure > >> under State and/or Federal law. Please notify the sender immediately if > >> you have received this communication in error and delete this email > from > > > >> your system. If you are not the intended recipient, you are requested > > not > >> to disclose, copy, distribute or take any action in reliance on the > >> contents of this information. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > > For additional commands, e-mail: users-h...@wicket.apache.org > > > > > > > > > > > > > > Notice: This communication, including any attachments, is intended > solely > > for the use of the individual or entity to which it is addressed. This > > communication may contain information that is protected from disclosure > > under State and/or Federal law. Please notify the sender immediately if > > you have received this communication in error and delete this email from > > your system. If you are not the intended recipient, you are requested > not > > to disclose, copy, distribute or take any action in reliance on the > > contents of this information. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > > > > > Notice: This communication, including any attachments, is intended solely > for the use of the individual or entity to which it is addressed. This > communication may contain information that is protected from disclosure > under State and/or Federal law. Please notify the sender immediately if > you have received this communication in error and delete this email from > your system. If you are not the intended recipient, you are requested not > to disclose, copy, distribute or take any action in reliance on the > contents of this information. >
