Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Web Application Security
Securing password between webserver & appserver. Sep 07 2009 06:04AM
Chintan Oza (chintan oza gmail com) (7 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 11:58PM
Till Elsner (Till Elsner uni-duesseldorf de) (1 replies)
Re: Securing password between webserver & appserver. Sep 09 2009 03:34AM
bigbert007 (bigbert007 gmail com) (1 replies)
RE: Securing password between webserver & appserver. Sep 09 2009 06:14PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
RE: Securing password between webserver & appserver. Sep 08 2009 03:48AM
Ken Schaefer (Ken adOpenStatic com)
Re: Securing password between webserver & appserver. Sep 07 2009 04:29PM
arvind doraiswamy (arvind doraiswamy gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 05:20AM
Chintan Oza (chintan oza gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 04:15PM
arvind doraiswamy (arvind doraiswamy gmail com)
RE: Securing password between webserver & appserver. Sep 07 2009 01:52PM
EXT-Adams, Randall E (Randall E Adams boeing com)
Re: Securing password between webserver & appserver. Sep 07 2009 08:58AM
Robert Hajime Lanning (robert lanning gmail com)
Re: Securing password between webserver & appserver. Sep 07 2009 07:40AM
Ali, Saqib (docbook xml gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 07 2009 08:40AM
Chintan Oza (chintan oza gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 07 2009 01:38PM
Ali, Saqib (docbook xml gmail com)
in that case, a pre-shared secret or PKI seems to be the only way.

Saqib
http://kawphi.blogspot.com

On Mon, Sep 7, 2009 at 1:40 AM, Chintan Oza<chintan.oza (at) gmail (dot) com [email concealed]> wrote:
> Dear Saqib,
>
> Yes the webserver will be in the middle.
>
> The password verification will be performed by the application server.
>
> We just dont want the password to be available at the webserver where
> the ssl communication ends.
>
> Chintan
>
> On Mon, Sep 7, 2009 at 1:10 PM, Ali, Saqib<docbook.xml (at) gmail (dot) com [email concealed]> wrote:
>> Chintan,
>>
>> I am not sure if I understand your question. If you are using the
>> webserver as the middleware, the authentication credentials will have
>> to pass through it one way or the other.
>>
>> Can you please provide more details as to what problem are you trying
>> to address?  Thanks
>>
>> Saqib
>> http://kawphi.blogspot.com
>>
>

[ reply ]
Re: Securing password between webserver & appserver. Sep 07 2009 06:29AM
Nikhil Wagholikar (visitnikhil gmail com)







 

Privacy Statement
Copyright 2009, SecurityFocus