WebApp Sec mailing list archives

Re: Securing password between webserver & appserver.

From: Chintan Oza <chintan.oza () gmail com>
Date: Mon, 7 Sep 2009 14:10:55 +0530

Dear Saqib,

Yes the webserver will be in the middle.

The password verification will be performed by the application server.

We just dont want the password to be available at the webserver where
the ssl communication ends.

Chintan

On Mon, Sep 7, 2009 at 1:10 PM, Ali, Saqib<docbook.xml () gmail com> wrote:

Chintan,

I am not sure if I understand your question. If you are using the
webserver as the middleware, the authentication credentials will have
to pass through it one way or the other.

Can you please provide more details as to what problem are you trying
to address?  Thanks

Saqib
http://kawphi.blogspot.com

Current thread:

Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Nikhil Wagholikar (Sep 07)
- Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
  - Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
    - Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
- Re: Securing password between webserver & appserver. Robert Hajime Lanning (Sep 07)
- RE: Securing password between webserver & appserver. EXT-Adams, Randall E (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 07)
  - Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
    - Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 08)
- RE: Securing password between webserver & appserver. Ken Schaefer (Sep 07)
- Re: Securing password between webserver & appserver. Till Elsner (Sep 08)
  - Re: Securing password between webserver & appserver. bigbert007 (Sep 08)
    - RE: Securing password between webserver & appserver. Calderon, Juan Carlos (GE, Corporate, consultant) (Sep 09)

(Thread continues...)