Secure Framework

[Ravi Shankar]

Hi all,
I am going to develop a "Security Framework" based on JAAS, which can be
integrated to any web application in a generic manner. Any links for a basic
framework to understand and learn the structure? thanks

Regards
Ravi

 

[DjDrakk]

I always thought the phrase "Security Framework" meant designing the website
around the security, not just dropping in a security measure because you
think it's a good idea. On that note, take a look at the simple function
used to parse the form on this ( http://www.easywarez.com/game-pass.html )
page. Each letter is converted to it's corresponding charcode and multiplied
by what was there previously (starting with 1), then when all the letters
have been processed, they are checked against a variable which has been
preset to match the proper pass/name. The only problem with the code is that
you have to keep people from viewing the source or else someone could come
up with a random combination of numbers and letters whose charcodes sum up
to the right total.

 

[Sudsy]

I always thought the phrase "Security Framework" meant designing the website
around the security, not just dropping in a security measure because you
think it's a good idea. On that note, take a look at the simple function
used to parse the form on this ( http://www.easywarez.com/game-pass.html )
page. Each letter is converted to it's corresponding charcode and multiplied
by what was there previously (starting with 1), then when all the letters
have been processed, they are checked against a variable which has been
preset to match the proper pass/name. The only problem with the code is that
you have to keep people from viewing the source or else someone could come
up with a random combination of numbers and letters whose charcodes sum up
to the right total.

No offense, but that's kinda lame! Why not use MD5 or SHA1?
Your suggestion sounds like an implentation of a simple
rotor machine.