Re: Securing password between webserver & appserver.

[Till Elsner <Till.Elsner () uni-duesseldorf de>]

What about securing (i.e. encrypting) the connection between web  
server and app server itself, like connecting to the app server from  
the web server via a SSH-forwarded local port? You could keep the  
original authentication method and have the entire communication  
encrypted anyway.

Greetings
Till

Am 07.09.2009 um 08:04 schrieb Chintan Oza:

> Dear All,
>
> We have a web application which perform user authentication on
> id+password basis.
>
> The architecture is like this.
> Browser<-HTTPS->WebServer<-->AppServer
>
> We have a requirement where password should not be available to the
> WebServer (even in hashed format).
>
> Only solution that I can think of is having an Applet performing PKI
> encryption on the password before submitting the form.
>
> Please suggest if there are any better alternatives.
>
> Thanks,
>
> Chintan