From: Mario Torre
To: secprog@securityfocus.com
Subject: Re: Encryption approach to secure web applications
Date: Thu, 22 Aug 2002 23:49:00 +0200
Message-Id: <200208222349.00463.neugens@libero.it>
In-Reply-To: <00da01c24a15$561376c0$0201a8c0@home1>
References: <200208222015.15926.neugens@libero.it> <00da01c24a15$561376c0$0201a8c0@home1>

Hi,

Thank you for the useful replies. I have found some interesting tutorials in the IBM developer connection:

https://www6.software.ibm.com/developerworks/education/j-sec1
and
https://www6.software.ibm.com/developerworks/education/j-sec2

Registration is needed.

I will post the same message on the Web Application Security list, as suggested by someone.

For now, I think I will use MD5 for password checking (I will use the approach described in the Secure Programming for Linux and Unix HOWTO). I will separate the authentication module, so I can change its implementation at any time.

Thank you again!

Mario Torre

--
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html