What about securing (i.e. encrypting) the connection between web
server and app server itself, like connecting to the app server from
the web server via a SSH-forwarded local port? You could keep the
original authentication method and have the entire communication
encrypted anyway.
Greetings
Till
Am 07.09.2009 um 08:04 schrieb Chintan Oza:
> Dear All,
>
> We have a web application which perform user authentication on
> id+password basis.
>
> The architecture is like this.
> Browser<-HTTPS->WebServer<-->AppServer
>
> We have a requirement where password should not be available to the
> WebServer (even in hashed format).
>
> Only solution that I can think of is having an Applet performing PKI
> encryption on the password before submitting the form.
>
> Please suggest if there are any better alternatives.
>
> Thanks,
>
> Chintan
>
>
server and app server itself, like connecting to the app server from
the web server via a SSH-forwarded local port? You could keep the
original authentication method and have the entire communication
encrypted anyway.
Greetings
Till
Am 07.09.2009 um 08:04 schrieb Chintan Oza:
> Dear All,
>
> We have a web application which perform user authentication on
> id+password basis.
>
> The architecture is like this.
> Browser<-HTTPS->WebServer<-->AppServer
>
> We have a requirement where password should not be available to the
> WebServer (even in hashed format).
>
> Only solution that I can think of is having an Applet performing PKI
> encryption on the password before submitting the form.
>
> Please suggest if there are any better alternatives.
>
> Thanks,
>
> Chintan
>
>
[ reply ]