Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Web Application Security
Securing password between webserver & appserver. Sep 07 2009 06:04AM
Chintan Oza (chintan oza gmail com) (7 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 11:58PM
Till Elsner (Till Elsner uni-duesseldorf de) (1 replies)
Re: Securing password between webserver & appserver. Sep 09 2009 03:34AM
bigbert007 (bigbert007 gmail com) (1 replies)
RE: Securing password between webserver & appserver. Sep 09 2009 06:14PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
RE: Securing password between webserver & appserver. Sep 08 2009 03:48AM
Ken Schaefer (Ken adOpenStatic com)
Re: Securing password between webserver & appserver. Sep 07 2009 04:29PM
arvind doraiswamy (arvind doraiswamy gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 05:20AM
Chintan Oza (chintan oza gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 04:15PM
arvind doraiswamy (arvind doraiswamy gmail com)
RE: Securing password between webserver & appserver. Sep 07 2009 01:52PM
EXT-Adams, Randall E (Randall E Adams boeing com)
Re: Securing password between webserver & appserver. Sep 07 2009 08:58AM
Robert Hajime Lanning (robert lanning gmail com)
Re: Securing password between webserver & appserver. Sep 07 2009 07:40AM
Ali, Saqib (docbook xml gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 07 2009 08:40AM
Chintan Oza (chintan oza gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 07 2009 01:38PM
Ali, Saqib (docbook xml gmail com)
Re: Securing password between webserver & appserver. Sep 07 2009 06:29AM
Nikhil Wagholikar (visitnikhil gmail com)
Hi Chintan,

May be you can think of One Time Password (OTP) as an alternative to PKI.

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence (India) Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/courses/Training%20Calendar.html

2009/9/7 Chintan Oza <chintan.oza (at) gmail (dot) com [email concealed]>
>
> Dear All,
>
> We have a web application which perform user authentication on
> id+password basis.
>
> The architecture is like this.
> Browser<-HTTPS->WebServer<-->AppServer
>
> We have a requirement where password should not be available to the
> WebServer (even in hashed format).
>
> Only solution that I can think of is having an Applet performing PKI
> encryption on the password before submitting the form.
>
> Please suggest if there are any better alternatives.
>
> Thanks,
>
> Chintan
>
>

[ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus