Dk_ZeRO-Cool Posted September 12, 2006 Share Posted September 12, 2006 Hi.I have made to small Encryption scripts for my page.One JavaScript, and one PHP. Thay both do the same thing, except that one handles the client, and the other handles the server.The Password is encrypted by to random keys. Both keys is needed to Decrypt the password.At the moment I tranfer both keys to and from the server by to Cookies.But the problem is that the cookies is not allways set in time for the next script to receive them.Is there no better way to tranfer the keys to and from the server by PHP and JavaScript? Quote Link to comment Share on other sites More sharing options...
radalin Posted September 12, 2006 Share Posted September 12, 2006 why to make an encrytion via js, your encryption algorithm is seen too easily.Anyway try sending your encrypted text with XMLHTTPRequest Object. Quote Link to comment Share on other sites More sharing options...
Dk_ZeRO-Cool Posted September 12, 2006 Author Share Posted September 12, 2006 I know it is seen easily. That's why I have 2 reandom generated keyes to Encrypt and Decrypt the password with. And the Cookies I create, expires in a sec, right after the next script receives them.The Encrypter is to Encrypt passwords that are send by <input> from a login part of my community.When the server recieves the password, the PHP part of the Encrypter calls the 2 cookies that were created using the JavaScript Part of the encrypter, decrypts the password using the 2 keyes, and expires the cookies ....But I can not use PHP to Encrypt the password before it is send to the server, that requires Client Side scripting.And I see 2 problems using Cookies to tranfer the keyes. 1: The cookies are not allways created in time for the next script to recieve them.2: Cookies are not the most secure place to store that kind of information. Not even in a sec.Now, I am not a shark at XML. I just started using it.But is XMLHTTPRequest not less secure place to store information then cookies??I think I wrote it wrong before, sorry...It's like i wrote above. It is not the password it self I need to tranfer. That I do with a form.It is the 2 keyes that is needed to decrypt the password I need to tranfer... Quote Link to comment Share on other sites More sharing options...
yaba Posted September 13, 2006 Share Posted September 13, 2006 maybe go for XMLHTTPRequest + HTTPS then... Quote Link to comment Share on other sites More sharing options...
radalin Posted September 21, 2006 Share Posted September 21, 2006 well XMLHTTPRequest does not store your data at somewhere. It just sends your data to the server. You can read some articles about it from ajaxfreaks.com or ajaxian.com Quote Link to comment Share on other sites More sharing options...
fenway Posted September 22, 2006 Share Posted September 22, 2006 I'm not sure I understand what the problem is here -- why are you ever decrypting the password? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.