Forum Moderators: open
i have no idea where to post this question...seem like XML is the one that really close to this topic .... so...
just want to ask....can we encrypt a password....
that we got from Web Server (which is an HTML form)
before send it to Applications server (by using XML)....?
or it will be sent to application server without encryption?
if anybody have a good reference to a good link about web service encryption.....can you share it with me.....
thanks....
If the password is being sent to access a system for which the password was not previously known (i.e. in the case of a opening a proxy connection with another password-protected site) you will need an SSL connection between the client and the web server and the web server and the application server to ensure the security of the password.
If the password is being sent for validation (the correct password will be matched on the application server) you would be best-served to use a message digest hash encryption protocol (this can be done with a script *before* the client posts the form to your web server) for creating a hash of the password and matching it against the stored password or hash on the application server (in which case you would *not* need an SSL connection to maintain security).
The information, in either case, would not necessarily require an XML implementation of any kind.
