Solved

Client Side Encryption

Posted on 2006-11-28
11
175 Views
Last Modified: 2010-03-31
I'd like to provide a URL for my clients so that they can access our data.
Usually our clients will access the URL using a program (could be a java program/ c++ program/ other kinds of programs).

I need to provide users with a way so that they can supply a user name and password (REQUEST/ POST/ something else that can be embedded to URL?), and then that user name and password will be hashed before sent to the web server, using some algorithms like MD5/ SHA-2/ .../.

And I cannot use SSL.
(The only reason it's because my end users would have to see a "certificate warning" when they first access my site. Is this a valid reason or is this actually a trivial reason?)

Is there any way I can do this?

Thanks in advance for the help.

ps: I'm not sure if java forum is the best place to ask this question. Any recommendation?
0
Comment
Question by:rnicholus
  • 4
  • 3
  • 3
  • +1
11 Comments
 

Expert Comment

by:huiyue
ID: 18034124
you can use the microsoft Encrypt library "capicom.dll".
It's very simple but utility.
Here is the link to it.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/capicom_reference.asp
hope this can help.
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 150 total points
ID: 18034877
>>Is this a valid reason or is this actually a trivial reason?

It *is* a valid reason but it's certainly more trivial than implementing proper security. If someone gets hold of the hashed credentials, it's tantamount to having the credentials as plaintext - think about it.

The only way is SSL. Make the investment in a cert
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 18034889
>>it's tantamount to having the credentials as plaintext

(assuming you're one-way hashing it). If you're not, you'll be reinventing the wheel of SSL - badly ;-)
0
 

Author Comment

by:rnicholus
ID: 18038630
But, Is it possible to be done just to provide URL and do all the things I want to do without SSL (only providing a URL -- without having user to install or add anything at all in their end)? This I'm not quite sure I will be able to do.
0
 
LVL 6

Accepted Solution

by:
SamsonChung earned 150 total points
ID: 18045800
Yes,
we call that WebServices.

look AXIS on line,

it is a Tomcat Based JavaWebservices tool

With Webservices, it can do what you are asking it to do.....
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:rnicholus
ID: 18071810
Is using AXIS will require user to install JAVA on their end?
0
 
LVL 6

Expert Comment

by:SamsonChung
ID: 18072018
Nope.

AXIS is all Server end.

it basically turns you java app into SOAP
0
 
LVL 6

Expert Comment

by:SamsonChung
ID: 18072035
0
 

Author Comment

by:rnicholus
ID: 18089545
How is the security being handled?
0
 
LVL 6

Expert Comment

by:SamsonChung
ID: 18159366
to answer your last question, which I completely ignored...

Now you are in Java's world..... go nuts with Security from there :)

personally, I'd have a DB do that.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 18159381
:-)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
how to use external config file with Spring MVC 4 63
Updating Java 9 87
pairs challenge 5 45
advertisement module in core php 4 94
INTRODUCTION Working with files is a moderately common task in Java.  For most projects hard coding the file names, using parameters in configuration files, or using command-line arguments is sufficient.   However, when your application has vi…
After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now