• Status: Solved
  • Priority: Medium
  • Security: Public

Client Side Encryption

I'd like to provide a URL for my clients so that they can access our data.
Usually our clients will access the URL using a program (could be a Java program / C++ program / other kinds of programs).

I need to provide users with a way so that they can supply a user name and password (REQUEST / POST / something else that can be embedded in the URL?), and then that user name and password will be hashed before being sent to the web server, using some algorithm like MD5 / SHA-2 / etc.

And I cannot use SSL.
(The only reason is that my end users would have to see a "certificate warning" when they first access my site. Is this a valid reason or is this actually a trivial reason?)

Is there any way I can do this?

Thanks in advance for the help.

P.S.: I'm not sure if the Java forum is the best place to ask this question. Any recommendation?
0
rnicholus
2 Solutions
 
huiyue Commented:
You can use the Microsoft encryption library "capicom.dll".
It's very simple but useful.
Here is the link to it.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/capicom_reference.asp
Hope this can help.
0
 
CEHJ Commented:
>>Is this a valid reason or is this actually a trivial reason?

It *is* a valid reason but it's certainly more trivial than implementing proper security. If someone gets hold of the hashed credentials, it's tantamount to having the credentials as plaintext - think about it.

The only way is SSL. Make the investment in a cert.
0
 
CEHJ Commented:
>>it's tantamount to having the credentials as plaintext

(assuming you're one-way hashing it). If you're not, you'll be reinventing the wheel of SSL - badly ;-)
0
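The point made in the two comments above, as an added example that is not part of the original thread: when the client sends a one-way hash of the password over plain HTTP, the hash itself becomes the credential, whichever algorithm is chosen. The `Server` class, the `alice` account and the sample password are constructed for illustration.

```python
import hashlib
import hmac

PASSWORD = "correct horse battery"  # constructed sample credential


def digest(password: str, algo: str) -> str:
    """One-way hash of the password, hex encoded (MD5 or SHA-2, as in the question)."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


class Server:
    """Hypothetical server for the proposed scheme: compares the received hash with a stored one."""

    def __init__(self, algo: str):
        self.algo = algo
        self.stored = {"alice": digest(PASSWORD, algo)}  # constructed account

    def login(self, form: dict) -> bool:
        expected = self.stored.get(form.get("user", ""))
        if expected is None:
            return False
        return hmac.compare_digest(expected, form.get("hash", ""))


def client_post(user: str, password: str, algo: str) -> dict:
    """Fields a legitimate client program sends over plain HTTP."""
    return {"user": user, "hash": digest(password, algo)}


def replay_succeeds(algo: str) -> bool:
    """Resend a copy of the request fields without ever using the password."""
    server = Server(algo)
    captured = dict(client_post("alice", PASSWORD, algo))  # what crossed the wire
    # The password itself was never transmitted ...
    if PASSWORD in captured.values():
        raise RuntimeError("password leaked in clear")
    # ... yet the captured fields alone are accepted by the server.
    return server.login(captured)


if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        print(algo, "replayed hash accepted:", replay_succeeds(algo))
```

The server cannot tell the resent request from the original one, which is why the hash gives no more protection in transit than the plaintext password would.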
 
rnicholus (Author) Commented:
But is it possible to just provide a URL and do all the things I want to do without SSL (only providing a URL, without having the user install or add anything at all on their end)? This I'm not quite sure I will be able to do.
0
 
SamsonChung Commented:
Yes,
we call that Web Services.

Look up AXIS online;

it is a Tomcat-based Java Web Services tool.

With Web Services, it can do what you are asking it to do.....
0
 
rnicholus (Author) Commented:
Will using AXIS require the user to install Java on their end?
0
 
SamsonChung Commented:
Nope.

AXIS is all server end.

It basically turns your Java app into SOAP.
0
 
SamsonChung Commented:
0
 
rnicholus (Author) Commented:
How is the security being handled?
0
 
SamsonChung Commented:
To answer your last question, which I completely ignored...

Now you are in Java's world..... go nuts with security from there :)

Personally, I'd have a DB do that.
0
 
CEHJ Commented:
:-)
0
