WebApp Sec mailing list archives
Re: Securing password between webserver & appserver.
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Mon, 7 Sep 2009 11:59:19 +0530
Hi Chintan, May be you can think of One Time Password (OTP) as an alternative to PKI. --- Nikhil Wagholikar Practice Lead | Security Assessments & Digital Forensics Network Intelligence (India) Pvt. Ltd. [NII Consulting] Web: http://www.niiconsulting.com/ Comprehensive Information Security Training http://iisecurity.in/courses/Training%20Calendar.html 2009/9/7 Chintan Oza <chintan.oza () gmail com>
Dear All, We have a web application which perform user authentication on id+password basis. The architecture is like this. Browser<-HTTPS->WebServer<-->AppServer We have a requirement where password should not be available to the WebServer (even in hashed format). Only solution that I can think of is having an Applet performing PKI encryption on the password before submitting the form. Please suggest if there are any better alternatives. Thanks, Chintan
Current thread:
- Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Nikhil Wagholikar (Sep 07)
- Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Robert Hajime Lanning (Sep 07)
- RE: Securing password between webserver & appserver. EXT-Adams, Randall E (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 08)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- RE: Securing password between webserver & appserver. Ken Schaefer (Sep 07)
- Re: Securing password between webserver & appserver. Till Elsner (Sep 08)
(Thread continues...)