Client Side Encryption

I'd like to provide a URL for my clients so that they can access our data.
Usually our clients will access the URL using a program (could be a java program/ c++ program/ other kinds of programs).

I need to provide users with a way so that they can supply a user name and password (REQUEST/ POST/ something else that can be embedded to URL?), and then that user name and password will be hashed before sent to the web server, using some algorithms like MD5/ SHA-2/ .../.

And I cannot use SSL.
(The only reason it's because my end users would have to see a "certificate warning" when they first access my site. Is this a valid reason or is this actually a trivial reason?)

Is there any way I can do this?

Thanks in advance for the help.

ps: I'm not sure if java forum is the best place to ask this question. Any recommendation?
Who is Participating?
SamsonChungConnect With a Mentor Commented:
we call that WebServices.

look AXIS on line,

it is a Tomcat Based JavaWebservices tool

With Webservices, it can do what you are asking it to do.....
you can use the microsoft Encrypt library "capicom.dll".
It's very simple but utility.
Here is the link to it.
hope this can help.
CEHJConnect With a Mentor Commented:
>>Is this a valid reason or is this actually a trivial reason?

It *is* a valid reason but it's certainly more trivial than implementing proper security. If someone gets hold of the hashed credentials, it's tantamount to having the credentials as plaintext - think about it.

The only way is SSL. Make the investment in a cert
Never miss a deadline with

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

>>it's tantamount to having the credentials as plaintext

(assuming you're one-way hashing it). If you're not, you'll be reinventing the wheel of SSL - badly ;-)
rnicholusAuthor Commented:
But, Is it possible to be done just to provide URL and do all the things I want to do without SSL (only providing a URL -- without having user to install or add anything at all in their end)? This I'm not quite sure I will be able to do.
rnicholusAuthor Commented:
Is using AXIS will require user to install JAVA on their end?

AXIS is all Server end.

it basically turns you java app into SOAP
rnicholusAuthor Commented:
How is the security being handled?
to answer your last question, which I completely ignored...

Now you are in Java's world..... go nuts with Security from there :)

personally, I'd have a DB do that.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.