Securing password between webserver & appserver. Sep 07 2009 06:04AM
Chintan Oza (chintan oza gmail com) (7 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 11:58PM
Till Elsner (Till Elsner uni-duesseldorf de) (1 replies)
Re: Securing password between webserver & appserver. Sep 09 2009 03:34AM
bigbert007 (bigbert007 gmail com) (1 replies)
RE: Securing password between webserver & appserver. Sep 09 2009 06:14PM
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
RE: Securing password between webserver & appserver. Sep 08 2009 03:48AM
Ken Schaefer (Ken adOpenStatic com)
Re: Securing password between webserver & appserver. Sep 07 2009 04:29PM
arvind doraiswamy (arvind doraiswamy gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 05:20AM
Chintan Oza (chintan oza gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 08 2009 04:15PM
arvind doraiswamy (arvind doraiswamy gmail com)
RE: Securing password between webserver & appserver. Sep 07 2009 01:52PM
EXT-Adams, Randall E (Randall E Adams boeing com)
Hello Chintan,

You are right. Without changing your architecture or requirements you
would have to have the client encrypt the message before sending it
through an untrusted web server.

If you are worried about message integrity you will have to encrypt the
message with one key then create a MAC with another key. You will have
to maintain two sets of public/private keys here.

Maybe OpenSSO is something you would be interested in. Effectively it
allows you to put a servlet filter into your web application that
redirects the user to go log into a separate application server before
being redirected back to your application.

OpenSSO would be a lot of work -- all it really gets you is the ability
to delegate authentication to a different app server. I would rather
support OpenSSO (with all its complexity) than a custom applet-based
crypto solution.

https://opensso.dev.java.net/

Respectfully,
Randall

-----Original Message-----
From: Chintan Oza [mailto:chintan.oza (at) gmail (dot) com [email concealed]]
Sent: Monday, September 07, 2009 2:04 AM
To: webappsec (at) securityfocus (dot) com [email concealed]
Subject: Securing password between webserver & appserver.

Dear All,

We have a web application which performs user authentication on an
id+password basis.

The architecture is like this.
Browser<-HTTPS->WebServer<-->AppServer

We have a requirement where password should not be available to the
WebServer (even in hashed format).

The only solution that I can think of is having an Applet perform PKI
encryption on the password before submitting the form.

Please suggest if there are any better alternatives.

Thanks,

Chintan

Re: Securing password between webserver & appserver. Sep 07 2009 08:58AM
Robert Hajime Lanning (robert lanning gmail com)
Re: Securing password between webserver & appserver. Sep 07 2009 07:40AM
Ali, Saqib (docbook xml gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 07 2009 08:40AM
Chintan Oza (chintan oza gmail com) (1 replies)
Re: Securing password between webserver & appserver. Sep 07 2009 01:38PM
Ali, Saqib (docbook xml gmail com)
Re: Securing password between webserver & appserver. Sep 07 2009 06:29AM
Nikhil Wagholikar (visitnikhil gmail com)
Copyright 2009, SecurityFocus