Hi Wagner,
I have a question about security, not really a support issue, but I wondered what your or others' recommendations might be?
Since most of our customers will be using XData/Sparkle from within their own network, HTTP is much easier than HTTPS, as getting a certificate for a local IP address isn't practical. Still, I'd like to obfuscate the logon credentials, and we will be using JWT to control access rights. So my question is in regard to how best to implement that.
I think I am just going to encrypt the user name and password and store the key in both the server and the client and have a common algorithm to salt the password so that it's different every time. I know there are many vulnerabilities with this approach and that someone could just grab the JWT token and bypass security altogether.
Or perhaps I should just create a testing certificate for each site and use HTTPS? What do you think?
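
The last option in the post, a per-site certificate so the server can use HTTPS on a LAN address, sketched as an added example (not part of the original post and not XData/Sparkle code): a private site CA signs a server certificate whose subjectAltName is the server's IP. The function names, file names and CA name are assumptions made for illustration, and clients have to be set up to trust `site-ca.crt`.

```shell
#!/bin/sh
# Added example: per-site CA plus a server certificate bound to a LAN IP.
# All names below (functions, files, "Example Site CA") are hypothetical.

make_site_cert() {
    site_ip="$1"   # address clients use in the https:// URL
    out_dir="$2"   # directory that receives keys and certificates
    mkdir -p "$out_dir" || return 1

    # Own minimal config, so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        'x509_extensions = ca_ext' '[dn]' 'CN = Example Site CA' '[ca_ext]' \
        'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > "$out_dir/ca.cnf"
    # Extensions for the server certificate: the IP goes in subjectAltName.
    printf '%s\n' "subjectAltName = IP:$site_ip" 'basicConstraints = CA:FALSE' \
        'extendedKeyUsage = serverAuth' > "$out_dir/server.ext"

    # 1. Site CA. site-ca.key stays offline; site-ca.crt is given to clients.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 825 \
        -config "$out_dir/ca.cnf" \
        -keyout "$out_dir/site-ca.key" -out "$out_dir/site-ca.crt" \
        2>/dev/null || return 1

    # 2. Server key and signing request.
    openssl req -new -newkey rsa:2048 -nodes -config "$out_dir/ca.cnf" \
        -subj "/CN=$site_ip" \
        -keyout "$out_dir/server.key" -out "$out_dir/server.csr" \
        2>/dev/null || return 1

    # 3. CA signs the request and adds the IP subjectAltName.
    openssl x509 -req -sha256 -days 825 -in "$out_dir/server.csr" \
        -CA "$out_dir/site-ca.crt" -CAkey "$out_dir/site-ca.key" \
        -CAcreateserial -extfile "$out_dir/server.ext" \
        -out "$out_dir/server.crt" 2>/dev/null || return 1
}

# Succeeds only if server.crt chains to the site CA and is valid for that IP.
check_site_cert() {
    openssl verify -CAfile "$2/site-ca.crt" -verify_ip "$1" \
        "$2/server.crt" >/dev/null 2>&1
}

# Stand-alone use: sh site-cert.sh 192.168.1.10 ./certs  (constructed values)
if [ "$#" -eq 2 ]; then
    make_site_cert "$1" "$2" && check_site_cert "$1" "$2"
fi
```

The server is then configured with `server.crt` and `server.key`; a client that trusts `site-ca.crt` validates the connection to that IP without a certificate warning.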