Yea, the hacker would guess a random number in html & javascript but the
hacker have no way of putting it into php on the server-side. So, we get
two different random number and a invalid match.
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
This has been solved - the extra characters are stored in session,
otherwise attacker can repeat it too. Password can be stored on
the server using one way has - on the client the script hashes
twice, first to get hashed password, then together with random
string
Gerald Timothy Quimpo wrote:
On
On Saturday 11 January 2003 12:12 am, Scott Fletcher wrote:
> The only thing that is important to me is that the password get
> encrypted before transmitting across the internet.
from other posts further in the thread it looks like you aren't
ready to use https. that's too bad. that would reall
I got the script working so, I'm posting a script that work for me. If you
wanna try it out or use it then you'll need to get the MD5.js that come with
the libPHP. Just download the libPHP and pull out only one file, MD5.js and
then junk the libPHP.
I found one thing interesting about this code
Here's the message I got from someone. It is pretty cool!
--clip--
if U want MD5 for Java Script try down load PHPLib and search in this
package. and you will find MD5 script with Java Script.
--clip--
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECT
It would be nice if I can use the SSL but I don't want to spend a lot of
time on it on IIS. Beside part of that website is only for internal part
for my company. Beside the end user wouldn't know where hte login link is
anyway.
"Brent Baisley" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTE
Some people don't need it so sophisticated, besides you need your own IP
to use SSL, and that's the problem with virtual hosts.
Brent Baisley wrote:
If you want to increase security then you really should use a secure
connection, then everything is encrypted as well as other security
measures.
Really, pretty cool. I don't know why I was so sure there was a md5
function in javascript (propably because I thought is was everywhere -
untill now). Thanks for the link.
Scott Fletcher wrote:
Hey! There's no MD5 in Javascript which is why I post hte question in the
first place. Now I lost
If you want to increase security then you really should use a secure
connection, then everything is encrypted as well as other security
measures. Even if you do encrypt the password you also need to establish
and track a session to make sure it's the same computer you are
communicating with, gu
Hey! There's no MD5 in Javascript which is why I post hte question in the
first place. Now I lost 5 hours of my time working on writing this script.
You're going to have to be careful because you had to make sure there is MD5
features in Javascript before posting a reply.
I found a workaround to
I'll look into this and try it out. The only thing that is important to me
is that the password get encrypted before transmitting across the internet.
I'm not worry if the JS is disabled because if it is then the login will
never be authenticated. I'll keep on exploring for way to increase
securi
The way you want it can be securely done only using asymetric
encryption, which is not available to JS.
Do you really need to encrypt user_id? You could use md5 to hash
password with some random string,
store the hash in a hidden field and erase password. On server side if
the hidden field is se
12 matches
Mail list logo