andrerod
commented
12 years ago For now, this is out of scope for these libraries. Your app should reference a lib to perform that operation.
Closed voodootikigod closed 12 years ago
andrerod
commented
12 years ago For now, this is out of scope for these libraries. Your app should reference a lib to perform that operation.
Almost all applications on the web require some level of cryptographic security even if just for hashing passwords and other sensitive data. There should be a uniform cross platform API for accessing the native and most appropriate (openssl or windows Cryptographic service) library to allow developers to leverage the same code regardless of deployment target. For example, I use the node-BCrypt library (https://github.com/ncb000gt/node.bcrypt.js) for hashing passwords, it obviously doesn't compile on the azure platform because openssl libraries aren't present. I am not even sure if the WCS provides for BCrypt, and if it doesn't it would definitely be something to get plumbed in for a variety of reasons, not the least of which is the reduced acceptance of SHA/MD5 hashes as "secure enough". In terms of API, Nick Campbell (ncb000gt) has a pretty good start at the JS level one that fits my needs and is abstract enough that it should work for any implementation of BCrypt library, I would start there and modify as appropriate and needed.