hello,



I am currently involve in a web application that requires secure 

transaction. At the login page, after the user submit their uid and 

password, i want the password to be encrypted before it is sent to be 

verified. The problem is, if i use vbscript or javascript, as far as i know 

the functions cannot be made invisible to users, and if i were to write the 

encryption code in ASP, the form won't be able to call it on submit.



Now I am wondering how other mail services handle problems regarding this 

issue of login.



Any help on this would be great!

Thanks

wye kean

You use SSL to get the password to the server.

You then use your encryption algorithm on the supplied password to get the

hash value. You compare that hash with the hash you have stored in your

database.



Cheers

Ken



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----

From: "Hong Wye Kean" <hwkean@h...>

To: "ASP Web HowTo" <asp_web_howto@p...>

Sent: Friday, July 20, 2001 11:05 AM

Subject: [asp_web_howto] problem with login page





: hello,

:

: I am currently involve in a web application that requires secure

: transaction. At the login page, after the user submit their uid and

: password, i want the password to be encrypted before it is sent to be

: verified. The problem is, if i use vbscript or javascript, as far as i

know

: the functions cannot be made invisible to users, and if i were to write

the

: encryption code in ASP, the form won't be able to call it on submit.

:

: Now I am wondering how other mail services handle problems regarding this

: issue of login.

:

: Any help on this would be great!

: Thanks

: wye kean

hello again,



Thank you for the suggestion on using SSL. Just today i came accross another 

method that i would like to share with all. It seems that Microsoft Remote 

Scripting claim that they can solve problems with calling a server function 

from a client side script. I have downloaded the samples and tried it, but 

still to no avail. Has anyone out there that has better luck than me?



Thank you

wye kean





>From: "Ken Schaefer" <ken@a...>

>Reply-To: "ASP Web HowTo" <asp_web_howto@p...>

>To: "ASP Web HowTo" <asp_web_howto@p...>

>Subject: [asp_web_howto] Re: problem with login page

>Date: Fri, 20 Jul 2001 18:47:34 +1000

>

>You use SSL to get the password to the server.

>You then use your encryption algorithm on the supplied password to get the

>hash value. You compare that hash with the hash you have stored in your

>database.

>

>Cheers

>Ken

>

>

  <INPUT TYPE=3D"password" NAME=3D"inputbox" VALUE=3D"" size=3D15>

this shows **** as the person types then

use request.form  and not querystring on the asp side to get it.



-----Original Message-----

From: Hong Wye Kean [mailto:hwkean@h...]

Sent: Thursday, July 19, 2001 9:05 PM

To: ASP Web HowTo

Subject: [asp_web_howto] problem with login page





hello,



I am currently involve in a web application that requires secure

transaction. At the login page, after the user submit their uid and

password, i want the password to be encrypted before it is sent to be

verified. The problem is, if i use vbscript or javascript, as far as i 

know

the functions cannot be made invisible to users, and if i were to write 

the

encryption code in ASP, the form won't be able to call it on submit.



Now I am wondering how other mail services handle problems regarding 

this

issue of login.



Any help on this would be great!

Thanks

wye kean

Actually, the functions can be made invisible to users. Try using frames and 

store your functions in a zero width frame.

Doesn't work. if you View Source on the frameset you can get the URL's of

the indivdual pages, but its a good start, a similar issue applies to using



.js files too.



At 19:20 20/07/01 +0000, you wrote:

>Actually, the functions can be made invisible to users. Try using frames

>and store your functions in a zero width frame.

>

>

>