Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Java (http://www.velocityreviews.com/forums/f30-java.html)
-   -   Secure Framework (http://www.velocityreviews.com/forums/t124756-secure-framework.html)

Ravi Shankar 07-23-2003 09:16 PM

Secure Framework
 
Hi all,
I am going to develop a "Security Framework" based on JAAS, which can be
integrated to any web application in a generic manner. Any links for a basic
framework to understand and learn the structure? thanks

Regards
Ravi



DjDrakk 07-25-2003 11:11 PM

Re: Secure Framework
 
I always thought the phrase "Security Framework" meant designing the website
around the security, not just dropping in a security measure because you
think it's a good idea. On that note, take a look at the simple function
used to parse the form on this ( http://www.easywarez.com/game-pass.html )
page. Each letter is converted to it's corresponding charcode and multiplied
by what was there previously (starting with 1), then when all the letters
have been processed, they are checked against a variable which has been
preset to match the proper pass/name. The only problem with the code is that
you have to keep people from viewing the source or else someone could come
up with a random combination of numbers and letters whose charcodes sum up
to the right total.
--
Your GP or your HP!

"Ravi Shankar" <sujashankar@pacific.net.sg> wrote in message
news:bfmtvg$2vl$1@nobel2.pacific.net.sg...
> Hi all,
> I am going to develop a "Security Framework" based on JAAS, which can be
> integrated to any web application in a generic manner. Any links for a

basic
> framework to understand and learn the structure? thanks
>
> Regards
> Ravi
>
>




Sudsy 07-26-2003 05:32 AM

Re: Secure Framework
 
DjDrakk wrote:
> I always thought the phrase "Security Framework" meant designing the website
> around the security, not just dropping in a security measure because you
> think it's a good idea. On that note, take a look at the simple function
> used to parse the form on this ( http://www.easywarez.com/game-pass.html )
> page. Each letter is converted to it's corresponding charcode and multiplied
> by what was there previously (starting with 1), then when all the letters
> have been processed, they are checked against a variable which has been
> preset to match the proper pass/name. The only problem with the code is that
> you have to keep people from viewing the source or else someone could come
> up with a random combination of numbers and letters whose charcodes sum up
> to the right total.


No offense, but that's kinda lame! Why not use MD5 or SHA1?
Your suggestion sounds like an implentation of a simple
rotor machine.



All times are GMT. The time now is 10:19 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.