Alaska Software Inc. - How to protect data...
Username: Password:
AuthorTopic: How to protect data...
Adelaide LopesHow to protect data...
on Tue, 29 Aug 2006 18:18:46 +0100
mark carew Re: How to protect data...
on Wed, 30 Aug 2006 06:20:12 +1000
On Tue, 29 Aug 2006 18:18:46 +0100, Adelaide Lopes wrote:

> Hello,
> 
> I have a website (WAA) with a Login & Password situation. 
> I need to know how I can encrypt my password so no one can "see" it? Should I use any particular Xbase function? 
> Is there any special way of doing so? Or simply oContext and sessions can guarantee the safty and protection needed? 
> In the future I may need to encrypt other important information as credit card codes...
> 
> I'ld like to see some examples of sites developed. Can anyone tell me where?
> 
> Regards,
> 
> Adelaide Lopes
Hi Adelaide,
One of the attributes to the "style" tag is "visibility" which can be set
to "hidden"
e.g.
style="color:Red;visibility:hidden;"
HTH
Mark
Adelaide LopesRe: How to protect data...
on Wed, 30 Aug 2006 12:27:11 +0100
Hello Mark

Thanks for the sugestion 
I still need to clear some things... maybe I didn't explain myself 
correctly...
When I said '..so no one can "see" it? ..' I meen the password wouldn't be 
visible on the net... when its traveling from the cliente to the server... 
the information is on the net so i need it to be camouflaged in a way that 
no one would easily catch it...

I supose the hint you gave me is usefull with the html, so its not visible 
to the cliente/user...



"mark carew" <markcarew@magicwanddept.com.au> escreveu na mensagem 
news:bid2ted071a1$.1q7ivun005owi.dlg@40tude.net...
> On Tue, 29 Aug 2006 18:18:46 +0100, Adelaide Lopes wrote:
>
>> Hello,
>>
>> I have a website (WAA) with a Login & Password situation.
>> I need to know how I can encrypt my password so no one can "see" it? 
>> Should I use any particular Xbase function?
>> Is there any special way of doing so? Or simply oContext and sessions can 
>> guarantee the safty and protection needed?
>> In the future I may need to encrypt other important information as credit 
>> card codes...
>>
>> I'ld like to see some examples of sites developed. Can anyone tell me 
>> where?
>>
>> Regards,
>>
>> Adelaide Lopes
> Hi Adelaide,
> One of the attributes to the "style" tag is "visibility" which can be set
> to "hidden"
> e.g.
> style="color:Red;visibility:hidden;"
> HTH
> Mark
Thomas Braun
Re: How to protect data...
on Wed, 30 Aug 2006 14:43:15 +0200
Adelaide Lopes wrote:

> Thanks for the sugestion 
> I still need to clear some things... maybe I didn't explain myself 
> correctly...
> When I said '..so no one can "see" it? ..' I meen the password wouldn't be 
> visible on the net... when its traveling from the cliente to the server... 
> the information is on the net so i need it to be camouflaged in a way that 
> no one would easily catch it...

There are various things to consider:

- Secure transport between client (browser) and web server

To secure the transport over public networks, you should use the https://
protocol. This way it is quite difficult (but not 100% impossible, see
http://www.contentverification.com/man-in-the-middle/index.html for an
example) for a 3rd party to read the data.

- Secure the backend data (dbf files or whatever data storage you are
using)

First of all, you should block public access from public networks
(internet) to the server that is running WAA and contains the actual
databases. 

Only expose the web server to the public and just allow traffic from the
web server to the WAA server via a filtering device (most of the time
referred to as "firewall") Don't give public access to the WAA server!

- Encrypt the backend data

If you are using foxdbe, there is a special version that can encrypt all
data. Just ask Alaska for the AES encryption libraries.

Other backends (SQL server, Oracle etc...) have other mechanisms to secure
the data from unauthorized access.

HTH
Thomas
Adelaide LopesRe: How to protect data...
on Wed, 30 Aug 2006 16:00:42 +0100
Thanks Thomas for the sugestion! 

Regards
Adelaide

"Thomas Braun" <spam@software-braun.de> escreveu na mensagem 
news:13ptxwve8xokw.1omfnbc72efnm.dlg@40tude.net...
> Adelaide Lopes wrote:
>
>> Thanks for the sugestion 
>> I still need to clear some things... maybe I didn't explain myself
>> correctly...
>> When I said '..so no one can "see" it? ..' I meen the password wouldn't 
>> be
>> visible on the net... when its traveling from the cliente to the 
>> server...
>> the information is on the net so i need it to be camouflaged in a way 
>> that
>> no one would easily catch it...
>
> There are various things to consider:
>
> - Secure transport between client (browser) and web server
>
> To secure the transport over public networks, you should use the https://
> protocol. This way it is quite difficult (but not 100% impossible, see
> http://www.contentverification.com/man-in-the-middle/index.html for an
> example) for a 3rd party to read the data.
>
> - Secure the backend data (dbf files or whatever data storage you are
> using)
>
> First of all, you should block public access from public networks
> (internet) to the server that is running WAA and contains the actual
> databases.
>
> Only expose the web server to the public and just allow traffic from the
> web server to the WAA server via a filtering device (most of the time
> referred to as "firewall") Don't give public access to the WAA server!
>
> - Encrypt the backend data
>
> If you are using foxdbe, there is a special version that can encrypt all
> data. Just ask Alaska for the AES encryption libraries.
>
> Other backends (SQL server, Oracle etc...) have other mechanisms to secure
> the data from unauthorized access.
>
> HTH
> Thomas