Author |
Message |
14/05/2009 14:37:06
|
unger
Power User
Joined: 22/07/2008 05:19:28
Messages: 261
Offline
|
Hi Björn,
is the content of the password field encrypted? Or is there a way to encrypt it before it is sent to the back end?
Regards,
Joachim
|
|
|
14/05/2009 15:08:26
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
When using normal http it is NOT encrypted. - Of course when using https then there is a "perfect" encryption on the whole message.
So, everyone who uses the system "quite seriously" should use https.
Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
15/05/2009 17:56:49
|
unger
Power User
Joined: 22/07/2008 05:19:28
Messages: 261
Offline
|
Hello Björn,
thank You for the answer.
If possible, we would prefer HTTP. The requirements for SSL are much higher: The first is the need of a server certificate.
Is it possible to get client side MD5 encryption?
Regards,
Joachim
|
|
|
19/05/2009 17:11:49
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
OK, we now added encryption to the password field. You can select between all available encryptions that are available with MessageDigest.getInstance() (including MD5 and SHA-1).
Available with next update or on request.
Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
19/05/2009 18:04:07
|
unger
Power User
Joined: 22/07/2008 05:19:28
Messages: 261
Offline
|
Hi Björn,
it's great!
Did You wrap a Swing textfield component?
I had a look into the EC manual "Adding own Components",
but found it as variant A (from A and B): "Documentation on (A) will follow."
Would be nice to get a sample.
Joachim
|
|
|
19/05/2009 18:11:35
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
Hi,
you simply have to specify the encryption method in the PASSWORD definition:
Code:
...
<t:password id="g_11" encryption="MD5" text="#{wp.DemoPassword.password2}" width="100" >
...
...same with SHA-encryption.
The value is then transferred from user input "aaaa" into some strange hash sequence inside the component on client side. To the server only the hash sequence "sdfgasdfjds83q24==" is sent.
Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
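What the `encryption="MD5"` attribute described above amounts to, as an added Java example that is not CaptainCasa's code: the encoding (UTF-8 bytes, Base64 output), the class and method names and the PBKDF2 parameters are assumptions. The digest is identical for every login with the same password, so over plain HTTP the server receives a fixed credential; the server-side half therefore stores only a salted PBKDF2 of it and compares in constant time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordDigestDemo {

    // Assumed client behaviour: digest the UTF-8 bytes, send the Base64 text.
    static String clientDigest(String algorithm, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] hash = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(hash);
    }

    // Server side: the received digest is the login secret, so it is never
    // stored as-is. Iteration count and key length are constructed values.
    static byte[] storedVerifier(String receivedDigest, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(receivedDigest.toCharArray(), salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // MessageDigest.isEqual compares in constant time.
    static boolean verify(String receivedDigest, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(storedVerifier(receivedDigest, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        // "aaaa" is the sample input from the post above.
        String md5 = clientDigest("MD5", "aaaa");
        String sha1 = clientDigest("SHA-1", "aaaa");
        System.out.println("MD5   sent to server: " + md5);
        System.out.println("SHA-1 sent to server: " + sha1);
        // No salt or nonce on the client: a second login sends the same bytes.
        System.out.println("same value on every login: "
                + md5.equals(clientDigest("MD5", "aaaa")));

        // Enrolment: a per-user random salt, then only the PBKDF2 output is kept.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = storedVerifier(md5, salt);

        System.out.println("correct password accepted: " + verify(md5, salt, stored));
        System.out.println("wrong password accepted:   "
                + verify(clientDigest("MD5", "aaab"), salt, stored));
    }
}
```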
19/05/2009 19:39:56
|
unger
Power User
Joined: 22/07/2008 05:19:28
Messages: 261
Offline
|
Hi,
fine. That's the way we transmit passwords over the network and store passwords into a database table. There is no chance for database connection spoofing or TCP/IP packet collection.
The password policy can be checked within JavaScript - am I right?
How can I get the EC - JARs?
Joachim
|
|
|
20/05/2009 06:59:41
|
unger
Power User
Joined: 22/07/2008 05:19:28
Messages: 261
Offline
|
Hi,
JavaScript? How did I find this nonsense?
I meant: Java code inside the client component.
Joachim
|
|
|
25/05/2009 08:01:47
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
Encryption was added with 20090525.
Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
05/06/2009 09:31:44
|
unger
Power User
Joined: 22/07/2008 05:19:28
Messages: 261
Offline
|
Hello Björn,
would You switch on regex for password fields?
Joachim
|
|
|
05/06/2009 13:53:54
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
...this is part of next update (next Monday, planned)...
Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
|