Does anybody understand JADE security?
Posted: Fri Aug 07, 2009 11:20 am
by Craig Shearer >> Sun, 16 Apr 2000 23:38:19 GMT
Hello all
We're developing an application at present to be deployed on the Smart Thin Client over the net, so we're naturally concerned about security. I've tried following the guidelines on the documentation about security - and it talks about the importance of encrypting the username and password, then decrypting it at the server end, etc.
I must admit that I find some of the documentation quite confusing. However, I've tried to follow the guidelines and it's working ok - we encrypt passwords when prompted for on the logon form, which should mean they are encrypted for transmission over the wire. Then, we decrypt them at the server end to compare them in the database.
I realise that in a thin client environment, we are also going to have to encrypt the comms otherwise it's this client/server encryption is pretty pointless (since the data will be transmitted unencrypted over the net from the thin client to the app server).
The main problem we're having is that this encryption is great, but JADE sets the process.userCode to the encrypted version of the user name, which means that if you look at the processes in the JADE monitor - you get garbage user names (in fact, we mistakenly thought that JADE was somehow corrupting them!)
Does anybody have any guidelines on how to do this properly?
--
Craig Shearer
Email craig.shearer@bigfoot.com
Hello all
We're developing an application at present to be deployed on the Smart Thin Client over the net, so we're naturally concerned about security. I've tried following the guidelines on the documentation about security - and it talks about the importance of encrypting the username and password, then decrypting it at the server end, etc.
I must admit that I find some of the documentation quite confusing. However, I've tried to follow the guidelines and it's working ok - we encrypt passwords when prompted for on the logon form, which should mean they are encrypted for transmission over the wire. Then, we decrypt them at the server end to compare them in the database.
I realise that in a thin client environment, we are also going to have to encrypt the comms otherwise it's this client/server encryption is pretty pointless (since the data will be transmitted unencrypted over the net from the thin client to the app server).
The main problem we're having is that this encryption is great, but JADE sets the process.userCode to the encrypted version of the user name, which means that if you look at the processes in the JADE monitor - you get garbage user names (in fact, we mistakenly thought that JADE was somehow corrupting them!)
Does anybody have any guidelines on how to do this properly?
--
Craig Shearer
Email craig.shearer@bigfoot.com