Subject RE: Favor: Encrypt passwords
Author Claudio Valderrama C.
I'm not very awake this night, but read below...

> -----Original Message-----
> From: Jason Wharton [mailto:jwharton@...]
>
> I would like to take the password that people enter into the
> survey and send and store only the encrypted version of it over
> the net. This way the original password will remain non-disclosed
> but the provider will have reasonable security that nobody else
> is going to ever see their actual password. I don't want people's
> raw passwords in the IBDI database.

Good idea, don't do the same as the first online e-commerce systems that
kept the credit card numbers in plain text. ;-)


> I'd like to continue providing the full source for this tool so I
> wonder if someone would be kind enough to provide a snippet of
> code that will encrypt the password.

Naive question but, what about the algorithm used by IB itself? It cannot
be reversed, hence it must be cracked by brute force.


> Preferably one that is compatible with any encryption a browser
> may support. Is there an encrypt tag for an HTML input field?
> Probably not... I guess the CGI/ISAPI will have to take care of
> the encryption on the server. In which case the same snippet of
> code will do just fine since it will be written in Delphi as well.

Sincerely, don't know if there's some logic in the browsers. AFAIK, the
typical method is using SSL or the https:// protocol instead of plain
http://, for example. And speaking about IB's encryption algorithm, if it
was published in Pascal, there must be a C version that's relatively easy to
translate to JavaScript.

C.

> Thanks,
> Jason Wharton
> InterBase Developer Initiative
> jwharton@...
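
Added example, not part of the original thread or of the IBDI tool: a JavaScript (Node.js) sketch of the server-side step discussed above, storing only a salted one-way hash of the survey password and checking a later login against it. It uses PBKDF2-HMAC-SHA256 from Node's built-in crypto module rather than InterBase's own algorithm; the function names, record layout and iteration count are assumptions, and the password is assumed to reach the server over https:// as the reply suggests.

```javascript
// Added example: one-way, salted password storage (no plaintext kept).
const crypto = require('node:crypto');

// Assumed parameters for this sketch; raise ITERATIONS as hardware allows.
const ITERATIONS = 600000;
const MAX_ITERATIONS = 5000000; // refuse absurd costs found in a stored record
const KEY_LEN = 32;             // bytes of derived hash
const DIGEST = 'sha256';
const SCHEME = 'pbkdf2-' + DIGEST;

// Build the string to store in the database: scheme$iterations$salt$hash.
// A fresh random salt makes equal passwords produce different records.
function hashPassword(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return [SCHEME, iterations, salt.toString('hex'), hash.toString('hex')].join('$');
}

// Recompute the hash with the stored salt and cost, then compare in
// constant time. Malformed records are rejected instead of throwing.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 4 || parts[0] !== SCHEME) return false;
  const iterations = Number(parts[1]);
  if (!Number.isInteger(iterations) || iterations < 1 || iterations > MAX_ITERATIONS) {
    return false;
  }
  if (!/^[0-9a-f]{32}$/.test(parts[2]) || !/^[0-9a-f]{64}$/.test(parts[3])) {
    return false;
  }
  const salt = Buffer.from(parts[2], 'hex');
  const expected = Buffer.from(parts[3], 'hex');
  const actual = crypto.pbkdf2Sync(password, salt, iterations, expected.length, DIGEST);
  return crypto.timingSafeEqual(actual, expected);
}

module.exports = { hashPassword, verifyPassword };
```

Because the stored record cannot be reversed, anyone who obtains the database is left with guessing passwords one at a time, and the iteration count sets the cost of each guess.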