SecurityFocus

Securing password between webserver & appserver. Sep 07 2009 06:04AM
Chintan Oza (chintan oza gmail com) (7 replies)

Re: Securing password between webserver & appserver. Sep 08 2009 11:58PM
Till Elsner (Till Elsner uni-duesseldorf de) (1 replies)

Re: Securing password between webserver & appserver. Sep 09 2009 03:34AM
bigbert007 (bigbert007 gmail com) (1 replies)

RE: Securing password between webserver & appserver. Sep 09 2009 06:14PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)

RE: Securing password between webserver & appserver. Sep 08 2009 03:48AM
Ken Schaefer (Ken adOpenStatic com)

Re: Securing password between webserver & appserver. Sep 07 2009 04:29PM
arvind doraiswamy (arvind doraiswamy gmail com) (1 replies)

Re: Securing password between webserver & appserver. Sep 08 2009 05:20AM
Chintan Oza (chintan oza gmail com) (1 replies)

Re: Securing password between webserver & appserver. Sep 08 2009 04:15PM
arvind doraiswamy (arvind doraiswamy gmail com)

RE: Securing password between webserver & appserver. Sep 07 2009 01:52PM
EXT-Adams, Randall E (Randall E Adams boeing com)

Re: Securing password between webserver & appserver. Sep 07 2009 08:58AM
Robert Hajime Lanning (robert lanning gmail com)

On Mon, Sep 7, 2009 at 7:04 AM, Chintan Oza<chintan.oza (at) gmail (dot) com [email concealed]> wrote:
> Browser<-HTTPS->WebServer<-->AppServer
>
> We have a requirement where password should not be available to the
> WebServer (even in hashed format).

CHAP should work just fine. Just make sure the challenge is randomly generated.

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri

[ reply ]

Re: Securing password between webserver & appserver. Sep 07 2009 07:40AM
Ali, Saqib (docbook xml gmail com) (1 replies)

Re: Securing password between webserver & appserver. Sep 07 2009 08:40AM
Chintan Oza (chintan oza gmail com) (1 replies)

Re: Securing password between webserver & appserver. Sep 07 2009 01:38PM
Ali, Saqib (docbook xml gmail com)

Re: Securing password between webserver & appserver. Sep 07 2009 06:29AM
Nikhil Wagholikar (visitnikhil gmail com)