
Re: [cgiapp] problem with form-data (get/post)





As an aside (but related), what is the value of submitting a TripleDES
encoded password over a clear (HTTP) session?  At the time of submit it
just becomes a token that the web server reads, runs through a function to
validate it, and lets it go from there on.

Maybe I am being thick, but if you send an encrypted password or a
plaintext password, isn't it still just a replayable token?  I am having a
hard time coming up with a scenario where this would buy you more security.

Brian
--
Brian T. Wightman                suppressed
Global Data Management          http://pdm.cg.jci.com/
Johnson Controls, Controls Group          (414) 524-4025


suppressed
06/17/2004 02:32 AM

To:       suppressed
cc:
Subject:  Re: [cgiapp] problem with form-data (get/post)




Hi,

maxlength is already set in the input field with a value of 256 (that
should be enough).

Greets
Jan


Alexander Becker wrote:

>>Hi,
>>
>>I'm having trouble with a cgi-program of mine and can't find a way to
>>solve it.
>>Here it is:
>>In a simple form I type in a password. This is encrypted via TripleDES.
>>The encrypted password is sent over the submit-button (POST or GET, both
>>have the same problem).
>>Everything works fine when I use Mozilla or IE as browser.
>>But with Opera, Konqueror or Lynx as browser the password field is cut
>>off.
>>
>>Here a little example:
>>
>>with mozilla 1.7/IE 6:
>>pass=%D6%03%A0%D7%B0%3F0%FD
>>
>>with opera 7.5:
>>pass=%D6%03
>>
>>with lynx:
>>pass=%D6%A0%D7%B0%3F0%FD
>>
>>Does anyone have an idea why each browser handles the encoded value in its
>>own way?
>>
>>Thanks for any tips.
>>
>>Greets
>>Jan
>>
>>---------------------------------------------------------------------
>>Web Archive:  http://www.mail-archive.com/suppressed/
>>              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
>>To unsubscribe, e-mail: suppressed
>>For additional commands, e-mail: suppressed
>>
>>
>>
>
>Perhaps you set a length-attribute on the input-field?
>Several browsers interpret it in their own way.
>Greets, A. Becker (sry for typos)
>
>
>


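Added example (not part of any message in this thread): Brian's point that an encrypted password sent over plain HTTP is still a replayable token, shown next to a nonce-bound response that is not. It assumes the form's TripleDES step uses a fixed key with no per-request value, which the thread does not state; `StaticTokenServer`, `ChallengeServer`, `client_response` and the shared secret are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
from urllib.parse import unquote_to_bytes

# The Mozilla/IE value quoted in the thread, as anyone watching the HTTP request sees it.
SNIFFED = unquote_to_bytes("%D6%03%A0%D7%B0%3F0%FD")

class StaticTokenServer:
    """Assumed model of the thread's scheme: fixed key, so one password = one ciphertext."""
    def __init__(self, expected: bytes):
        self._expected = expected

    def login(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self._expected)

class ChallengeServer:
    """Hypothetical alternative: the response is bound to a single-use server nonce."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used nonce
        self._pending.discard(nonce)
        return hmac.compare_digest(response, client_response(self._secret, nonce))

def client_response(secret: bytes, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def demo() -> dict:
    static = StaticTokenServer(SNIFFED)
    secret = b"constructed-shared-secret"  # constructed sample value
    server = ChallengeServer(secret)
    nonce1 = server.challenge()
    resp1 = client_response(secret, nonce1)
    return {
        "static_replay": static.login(SNIFFED),            # captured bytes log in again
        "fresh_login": server.login(nonce1, resp1),        # legitimate first use
        "replay_same_nonce": server.login(nonce1, resp1),  # nonce already consumed
        "replay_new_nonce": server.login(server.challenge(), resp1),  # wrong nonce
    }
```

The nonce only stops the login value from being reused; over plain HTTP the rest of the session is still exposed, and TLS is what protects the whole exchange.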