Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: Securing password between webserver & appserver.
From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Mon, 7 Sep 2009 09:58:49 +0100
On Mon, Sep 7, 2009 at 7:04 AM, Chintan Oza<chintan.oza () gmail com> wrote:

Browser<-HTTPS->WebServer<-->AppServer

We have a requirement where password should not be available to the
WebServer (even in hashed format).


CHAP should work just fine.  Just make sure the challenge is randomly generated.

-- 
And, did Galoka think the Ulus were too ugly to save?
                                         -Centauri

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]