Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Web Application Security
Back to list
|
Post reply
Securing password between webserver & appserver.
Sep 07 2009 06:04AM
Chintan Oza (chintan oza gmail com)
(7 replies)
Dear All,
We have a web application which perform user authentication on
id+password basis.
The architecture is like this.
Browser<-HTTPS->WebServer<-->AppServer
We have a requirement where password should not be available to the
WebServer (even in hashed format).
Only solution that I can think of is having an Applet performing PKI
encryption on the password before submitting the form.
Please suggest if there are any better alternatives.
Thanks,
Chintan
[ reply ]
Re: Securing password between webserver & appserver.
Sep 08 2009 11:58PM
Till Elsner (Till Elsner uni-duesseldorf de)
(1 replies)
Re: Securing password between webserver & appserver.
Sep 09 2009 03:34AM
bigbert007 (bigbert007 gmail com)
(1 replies)
RE: Securing password between webserver & appserver.
Sep 09 2009 06:14PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
RE: Securing password between webserver & appserver.
Sep 08 2009 03:48AM
Ken Schaefer (Ken adOpenStatic com)
Re: Securing password between webserver & appserver.
Sep 07 2009 04:29PM
arvind doraiswamy (arvind doraiswamy gmail com)
(1 replies)
Re: Securing password between webserver & appserver.
Sep 08 2009 05:20AM
Chintan Oza (chintan oza gmail com)
(1 replies)
Re: Securing password between webserver & appserver.
Sep 08 2009 04:15PM
arvind doraiswamy (arvind doraiswamy gmail com)
RE: Securing password between webserver & appserver.
Sep 07 2009 01:52PM
EXT-Adams, Randall E (Randall E Adams boeing com)
Re: Securing password between webserver & appserver.
Sep 07 2009 08:58AM
Robert Hajime Lanning (robert lanning gmail com)
Re: Securing password between webserver & appserver.
Sep 07 2009 07:40AM
Ali, Saqib (docbook xml gmail com)
(1 replies)
Re: Securing password between webserver & appserver.
Sep 07 2009 08:40AM
Chintan Oza (chintan oza gmail com)
(1 replies)
Re: Securing password between webserver & appserver.
Sep 07 2009 01:38PM
Ali, Saqib (docbook xml gmail com)
Re: Securing password between webserver & appserver.
Sep 07 2009 06:29AM
Nikhil Wagholikar (visitnikhil gmail com)
Privacy Statement
Copyright 2009, SecurityFocus
We have a web application which perform user authentication on
id+password basis.
The architecture is like this.
Browser<-HTTPS->WebServer<-->AppServer
We have a requirement where password should not be available to the
WebServer (even in hashed format).
Only solution that I can think of is having an Applet performing PKI
encryption on the password before submitting the form.
Please suggest if there are any better alternatives.
Thanks,
Chintan
[ reply ]