However, the login page and more specifically, the javascript that works nicely in a PC browser, doesn't seem to work in the mobile browser.
I'm confused. Whose javascript is this? Yours or is it from 51 degrees?
dgerler
When submitting, it takes the value of "EntryPassword", encrypts it, and stores it in the "password" textbox. In the PC Browser, it works as advertised, but in the mobile browser, the Password textbox is null when submitted.
What key is being used? I don't mean to delve into your app too much, but I'm not sure doing a client-side encryption of the user's password is doing much (unless I'm missing something).
I'm confused. Whose javascript is this? Yours or is it from 51 degrees?
My Javscript that is being brought forward from an old site temporarily until we can migrate the users to a new membership system.
BrockAllen
What key is being used? I don't mean to delve into your app too much, but I'm not sure doing a client-side encryption of the user's password is doing much (unless I'm missing something).
I'm not sure how describe it to you exactly. The client-side produces an encrypted string using various matchmatical operations along with a "salt". On the server side it is decrypted with an reverse operation. Every-time I use my password the encrypted
string is different from the time before.
My Javscript that is being brought forward from an old site temporarily until we can migrate the users to a new membership system.
Ok, so then at least you can control the code to make the fix.
dgerler
I'm not sure how describe it to you exactly. The client-side produces an encrypted string using various matchmatical operations along with a "salt". On the server side it is decrypted with an reverse operation. Every-time I use my password the encrypted
string is different from the time before.
Is the application using SSL? This sounds like some scheme to get around not using SSL. Otherwise I'm not sure how much protexction this is really giving you. Anytime I hear that someone is doing their own crypto, it makes me nervous because it's probably
not done correctly or well and is more insecure than just using standard techniques that are implemeted by the right people (like SSL).
It also sounds like this is something you just have to work with. But at the same time, this JavaScript might be the source of your issues.
I removed the javascript and I get a password through. I'll add SSL and "be done with it". As I looked at it closer, the javascript isn't necessary if I put SSL on it which is somthing that needs to be done anyway and now is as good a time as any.
Brock,
Thank you very much for your assistance over the last 24 hours. Are you an instructor at DevelopMentor?
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: MVC 4 not using mobile pages
Apr 10, 2012 06:08 PM|LINK
I'm confused. Whose javascript is this? Yours or is it from 51 degrees?
What key is being used? I don't mean to delve into your app too much, but I'm not sure doing a client-side encryption of the user's password is doing much (unless I'm missing something).
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
dgerler
Member
3 Points
36 Posts
Re: MVC 4 not using mobile pages
Apr 10, 2012 07:06 PM|LINK
My Javscript that is being brought forward from an old site temporarily until we can migrate the users to a new membership system.
I'm not sure how describe it to you exactly. The client-side produces an encrypted string using various matchmatical operations along with a "salt". On the server side it is decrypted with an reverse operation. Every-time I use my password the encrypted string is different from the time before.
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: MVC 4 not using mobile pages
Apr 10, 2012 07:20 PM|LINK
Ok, so then at least you can control the code to make the fix.
Is the application using SSL? This sounds like some scheme to get around not using SSL. Otherwise I'm not sure how much protexction this is really giving you. Anytime I hear that someone is doing their own crypto, it makes me nervous because it's probably not done correctly or well and is more insecure than just using standard techniques that are implemeted by the right people (like SSL).
It also sounds like this is something you just have to work with. But at the same time, this JavaScript might be the source of your issues.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
dgerler
Member
3 Points
36 Posts
Re: MVC 4 not using mobile pages
Apr 10, 2012 07:41 PM|LINK
In a word, yep.
I removed the javascript and I get a password through. I'll add SSL and "be done with it". As I looked at it closer, the javascript isn't necessary if I put SSL on it which is somthing that needs to be done anyway and now is as good a time as any.
Brock,
Thank you very much for your assistance over the last 24 hours. Are you an instructor at DevelopMentor?
BrockAllen
All-Star
27438 Points
4893 Posts
MVP
Re: MVC 4 not using mobile pages
Apr 10, 2012 07:45 PM|LINK
Yes I am.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/