Jump to content


Photo

Client Sided PHP Security Tool


  • Please log in to reply
3 replies to this topic

#1 Silverado_NL

Silverado_NL
  • Members
  • PipPipPip
  • Advanced Member
  • 105 posts
  • LocationZaandam (Netherlands)

Posted 30 August 2006 - 12:53 PM

hi everybody.
while i whas working on a login script for my forum, i stumbled upon a term called packet sniffing.
if you send your password in plain text or unecrypted then somebody could just read it!.
so i thought well then ill use the MD5 or swordfish hashing function to make it safer.
and then to send it over the internet to the database.
but since php is sever sided this is gonna be a problem for me.
i dont know JS or any other client sided programming language.
so here is my question.
is it possible to make a encryption tool with the PHP programming language that will encrypt the password on the client side.
are there php compilers on the internet?
and if there are!
are they any good for using these with encryption methods???

thanks in advance.


Greets Silver
The Force is like ductape, it has a light side, it has a dark side, and it combines the universe together!

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 30 August 2006 - 12:58 PM

If you want to encrypt the data being sent to and from the server you'll want to use SSL (Secure Socket Layer). Which you can get openSSL for free to be installed on your server. Then to have a secure connection goto https://mysite.com and any requests to and from the server will be encrypted.

#3 Silverado_NL

Silverado_NL
  • Members
  • PipPipPip
  • Advanced Member
  • 105 posts
  • LocationZaandam (Netherlands)

Posted 30 August 2006 - 01:02 PM

oh thats looks alot easyer then writing my own security script.
thanks wildteen, this will save me loads of time!

The Force is like ductape, it has a light side, it has a dark side, and it combines the universe together!

#4 Silverado_NL

Silverado_NL
  • Members
  • PipPipPip
  • Advanced Member
  • 105 posts
  • LocationZaandam (Netherlands)

Posted 30 August 2006 - 01:09 PM

btw is the data encrypted for both the $_POST and $_GET methods????
oh damn i got the NO SSL dist from apache.
guess i have to reinstall!
The Force is like ductape, it has a light side, it has a dark side, and it combines the universe together!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users