Client Side Encryption

I'd like to provide a URL for my clients so that they can access our data.
Usually our clients will access the URL using a program (could be a java program/ c++ program/ other kinds of programs).

I need to provide users with a way so that they can supply a user name and password (REQUEST/ POST/ something else that can be embedded to URL?), and then that user name and password will be hashed before sent to the web server, using some algorithms like MD5/ SHA-2/ .../.

And I cannot use SSL.
(The only reason it's because my end users would have to see a "certificate warning" when they first access my site. Is this a valid reason or is this actually a trivial reason?)

Is there any way I can do this?

Thanks in advance for the help.

ps: I'm not sure if java forum is the best place to ask this question. Any recommendation?
rnicholusAsked:
Who is Participating?
 
SamsonChungCommented:
Yes,
we call that WebServices.

look AXIS on line,

it is a Tomcat Based JavaWebservices tool

With Webservices, it can do what you are asking it to do.....
0
 
huiyueCommented:
you can use the microsoft Encrypt library "capicom.dll".
It's very simple but utility.
Here is the link to it.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/capicom_reference.asp
hope this can help.
0
 
CEHJCommented:
>>Is this a valid reason or is this actually a trivial reason?

It *is* a valid reason but it's certainly more trivial than implementing proper security. If someone gets hold of the hashed credentials, it's tantamount to having the credentials as plaintext - think about it.

The only way is SSL. Make the investment in a cert
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
CEHJCommented:
>>it's tantamount to having the credentials as plaintext

(assuming you're one-way hashing it). If you're not, you'll be reinventing the wheel of SSL - badly ;-)
0
 
rnicholusAuthor Commented:
But, Is it possible to be done just to provide URL and do all the things I want to do without SSL (only providing a URL -- without having user to install or add anything at all in their end)? This I'm not quite sure I will be able to do.
0
 
rnicholusAuthor Commented:
Is using AXIS will require user to install JAVA on their end?
0
 
SamsonChungCommented:
Nope.

AXIS is all Server end.

it basically turns you java app into SOAP
0
 
SamsonChungCommented:
0
 
rnicholusAuthor Commented:
How is the security being handled?
0
 
SamsonChungCommented:
to answer your last question, which I completely ignored...

Now you are in Java's world..... go nuts with Security from there :)

personally, I'd have a DB do that.
0
 
CEHJCommented:
:-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.