Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Encryption on Post Or get
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Encryption on Post Or get
 Post Reply Post Reply Page  123>
Author
  Topic Search Topic Search  Topic Options Topic Options
meteor View Drop Down
Groupie
Groupie
Avatar

Joined: 31 August 2003
Location: Iran
Status: Offline
Points: 67 		Post Options Post Options   Thanks (0) Thanks(0)   Quote meteor Quote  Post ReplyReply Direct Link To This Post Topic: Encryption on Post Or get
    Posted: 07 June 2004 at 11:05am

Hello
how can I Secure My Scripts that Use login system . if a sniffer is in network then he can see my passwords so how can i encrypt or encode data transfer.is any function or algorithm to do this . like i want to encode pass word on client and send it to server and then decrypt it.
Sincerely
--------------------
PowerFull Scripts For NTTacPlus
Back to Top
Mart View Drop Down
Senior Member
Senior Member
Avatar

Joined: 30 November 2002
Status: Offline
Points: 2304 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mart Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2004 at 11:08am
Use SSL...
Back to Top
meteor View Drop Down
Groupie
Groupie
Avatar

Joined: 31 August 2003
Location: Iran
Status: Offline
Points: 67 		Post Options Post Options   Thanks (0) Thanks(0)   Quote meteor Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2004 at 1:30pm

no . except this one. i want when a user click on submit button the script encode/encrypt his/her password and then send it to server .
what is client and server side scripts . (client using java script and server asp).i think this is more secure.

Sincerely
--------------------
PowerFull Scripts For NTTacPlus
Back to Top
Mart View Drop Down
Senior Member
Senior Member
Avatar

Joined: 30 November 2002
Status: Offline
Points: 2304 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mart Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2004 at 1:54pm
No that is definatley not more secure, since anybody can read and crack your encyrption on the client side. SSL is the only way really. And neither javascript or client side VBscript is powerful enough to safely encrypt data.

Edited by Mart
Back to Top
pmormr View Drop Down
Senior Member
Senior Member


Joined: 06 January 2003
Location: United States
Status: Offline
Points: 1479 		Post Options Post Options   Thanks (0) Thanks(0)   Quote pmormr Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2004 at 3:29pm

Now i'm not going to give this a Safest in the world security but you could always use a javascript oneway encryption function and then send the hashed password over the internet and then compare it on the server... that isn't the most seucre way but it would be better than nothing... what's better?

mypassword

or

LK4LK7J2LK4J74LK7J247JHG4O2I6G&25745852
Paul A Morgan

http://www.pmorganphoto.com/
Back to Top
pmormr View Drop Down
Senior Member
Senior Member


Joined: 06 January 2003
Location: United States
Status: Offline
Points: 1479 		Post Options Post Options   Thanks (0) Thanks(0)   Quote pmormr Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2004 at 3:31pm

the windows authentication system is pretty cool... Kerberos... Send the validation packet encrypted RC4 with the user's password, and then the client sends the unencrypted packet back with another encrypted packet inside of it for the server to know that it really is the user's computer
Paul A Morgan

http://www.pmorganphoto.com/
Back to Top
Mart View Drop Down
Senior Member
Senior Member
Avatar

Joined: 30 November 2002
Status: Offline
Points: 2304 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mart Quote  Post ReplyReply Direct Link To This Post Posted: 08 June 2004 at 3:22pm

I would not recommend any client side encryption, if this is for a login app you could use DIGEST authentication which is  a bit like BASIC authentication but an MD5 digest is sent instead of plain text.

The trouble with client side encryption is:

1) You will never get it as strong as SSL because you won't be able to handle key's etc.

2) Anybody can view your code and identify weaknesses via View Source
Back to Top
pmormr View Drop Down
Senior Member
Senior Member


Joined: 06 January 2003
Location: United States
Status: Offline
Points: 1479 		Post Options Post Options   Thanks (0) Thanks(0)   Quote pmormr Quote  Post ReplyReply Direct Link To This Post Posted: 08 June 2004 at 4:49pm
the best way to do it is to just use SSL... that would probably require the least work
Paul A Morgan

http://www.pmorganphoto.com/
Back to Top
 Post Reply Post Reply Page  123>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.