WebApp Sec mailing list archives
Re: Securing password between webserver & appserver.
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Mon, 7 Sep 2009 06:38:29 -0700
in that case, a pre-shared secret or PKI seems to be the only way. Saqib http://kawphi.blogspot.com On Mon, Sep 7, 2009 at 1:40 AM, Chintan Oza<chintan.oza () gmail com> wrote:
Dear Saqib, Yes the webserver will be in the middle. The password verification will be performed by the application server. We just dont want the password to be available at the webserver where the ssl communication ends. Chintan On Mon, Sep 7, 2009 at 1:10 PM, Ali, Saqib<docbook.xml () gmail com> wrote:Chintan, I am not sure if I understand your question. If you are using the webserver as the middleware, the authentication credentials will have to pass through it one way or the other. Can you please provide more details as to what problem are you trying to address? Thanks Saqib http://kawphi.blogspot.com
Current thread:
- Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Nikhil Wagholikar (Sep 07)
- Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Ali, Saqib (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. Robert Hajime Lanning (Sep 07)
- RE: Securing password between webserver & appserver. EXT-Adams, Randall E (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 07)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- Re: Securing password between webserver & appserver. arvind doraiswamy (Sep 08)
- Re: Securing password between webserver & appserver. Chintan Oza (Sep 07)
- RE: Securing password between webserver & appserver. Ken Schaefer (Sep 07)
- Re: Securing password between webserver & appserver. Till Elsner (Sep 08)
- Re: Securing password between webserver & appserver. bigbert007 (Sep 08)
- RE: Securing password between webserver & appserver. Calderon, Juan Carlos (GE, Corporate, consultant) (Sep 09)
- Re: Securing password between webserver & appserver. bigbert007 (Sep 08)
- <Possible follow-ups>
- RE: Securing password between webserver & appserver. Martin O'Neal (Sep 07)
(Thread continues...)