On Friday, August 22, 2003, at 05:43 PM, zentara wrote:
On Fri, 22 Aug 2003 05:48:14 +0000, [EMAIL PROTECTED] (Greenhalgh David) wrote:
Hi All,
I need to implement a form that is submitted securely. My client does
not have access to SSL on his host. I was thinking in terms of a
session cookie with a client side RC4 encrypt and a decrypt in the Perl
script. Do peoople here consider that to be a secure scenario, or is
there another method that you could recommend? The encryption needs to
be reversible.
There is a method using javascript http://sourceforge.net/projects/perl-md5-login/
It sends a timed out temporary key, which some javascript uses to encrypt the post.
It's soooooo much better to use SSL.
Zentarra,
Thanks for that. The MD5 is a one way hash, unfortunately. I need to be able to decrypt at the server side.
I agree about SSL, unfortunately my client's host (borrowed space on a non-commercial server) only has 2 IPs for SSL and both are filled until the system upgrade late this year. What I am looking for is a fill in solution that will allow some form of secure transmission of personal information (not a password) until the SSL becomes available.
Dave
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
