Jump to content


Photo

Transfering data from Client to Server and back


  • Please log in to reply
5 replies to this topic

#1 Dk_ZeRO-Cool

Dk_ZeRO-Cool
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 12 September 2006 - 09:45 AM

Hi.
I have made to small Encryption scripts for my page.
One JavaScript, and one PHP. Thay both do the same thing, except that one handles the client, and the other handles the server.

The Password is encrypted by to random keys. Both keys is needed to Decrypt the password.
At the moment I tranfer both keys to and from the server by to Cookies.
But the problem is that the cookies is not allways set in time for the next script to receive them.

Is there no better way to tranfer the keys to and from the server by PHP and JavaScript?

#2 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 12 September 2006 - 11:34 AM

why to make an encrytion via js, your encryption algorithm is seen too easily.

Anyway try sending your encrypted text with XMLHTTPRequest Object.
Roy Simkes
Yet Another Parkyeri Developer

#3 Dk_ZeRO-Cool

Dk_ZeRO-Cool
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 12 September 2006 - 12:47 PM

I know it is seen easily. That's why I have 2 reandom generated keyes to Encrypt and Decrypt the password with. And the Cookies I create, expires in a sec, right after the next script receives them.

The Encrypter is to Encrypt passwords that are send by <input> from a login part of my community.
When the server recieves the password, the PHP part of the Encrypter calls the 2 cookies that were created using the JavaScript Part of the encrypter, decrypts the password using the 2 keyes, and expires the cookies ....
But I can not use PHP to Encrypt the password before it is send to the server, that requires Client Side scripting.

And I see 2 problems using Cookies to tranfer the keyes.
1: The cookies are not allways created in time for the next script to recieve them.
2: Cookies are not the most secure place to store that kind of information. Not even in a sec.

Now, I am not a shark at XML. I just started using it.
But is XMLHTTPRequest not less secure place to store information then cookies??

I think I wrote it wrong before, sorry...
It's like i wrote above. It is not the password it self I need to tranfer. That I do with a form.
It is the 2 keyes that is needed to decrypt the password I need to tranfer...

#4 yaba

yaba
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 13 September 2006 - 04:25 AM

maybe go for XMLHTTPRequest + HTTPS then...

#5 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 21 September 2006 - 02:16 PM

well XMLHTTPRequest does not store your data at somewhere. It just sends your data to the server. You can read some articles about it from ajaxfreaks.com or ajaxian.com
Roy Simkes
Yet Another Parkyeri Developer

#6 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 22 September 2006 - 10:18 AM

I'm not sure I understand what the problem is here -- why are you ever decrypting the password?
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users