 |
 |
Find a programming school near you
php3-list | 199908
Date: 08/02/99
- Next message: Piotr Motykiewicz: "Re: [PHP3] Indexing Database Driven Sites"
- Previous message: W. J. Samplonius: "Re: [PHP3] mycart..."
- In reply to: Manuel Lemos: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Next in thread: Manuel Lemos: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Reply: Manuel Lemos: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Reply: Jacob Stetser: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I used your algorithm/method to do form login ... and while a "sniffer" (I
don't exactly know what that is) can't see what the password actually was
(because the password field is nulled before the encryption) ... why wouldn't he
be able to "sniff" the encrypted password and just pass that in the field which
it's expected to be in and then breaking the security that way?? ... or is that
not possible?
-steve
On 8/1/99 at 12:58 PM, mlemos <email protected> (Manuel Lemos) wrote:
>
> In pages that take passwords from forms, I usually try to encrypt the
> passwords before submiting using md5() as long as the user's browser is
> Javascript enabled. This doesn't prevent an hacker with a sniffer to
> intercept the data submitted in the form, but at least prevents him to know
> what the password is in clear text.
>
> You may see an example of this using a PHP class that I wrote and you
> may find at:
>
> http://phpclasses.UpperDesign.com/browse.html?package=1
>
> Regards,
> Manuel Lemos
>
> Web Programming Components using PHP Classes.
> Look at: email protected>?subject=Re:%20[PHP3]%202%20way%20encrypt/decrypt%20function%20in%20PHP3?&replyto=19990803002121.AAA28539@[209.219.94.137]">mlemos <email protected>">http://phpclasses.UpperDesign.com/?user=mlemos <email protected>
> --
> E-mail: mlemos <email protected>
> URL: http://www.mlemos.e-na.net/
> PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
> --
>
>
> --
> PHP 3 Mailing List <http://www.php.net/>
> To unsubscribe, send an empty message to php3-unsubscribe <email protected>
> To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
> To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
> To contact the list administrators, e-mail: php-list-admin <email protected>
>
-- PHP 3 Mailing List <http://www.php.net/> To unsubscribe, send an empty message to php3-unsubscribe <email protected> To subscribe to the digest, e-mail: php3-digest-subscribe <email protected> To search the mailing list archive, go to: http://www.php.net/mailsearch.php3 To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Piotr Motykiewicz: "Re: [PHP3] Indexing Database Driven Sites"
- Previous message: W. J. Samplonius: "Re: [PHP3] mycart..."
- In reply to: Manuel Lemos: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Next in thread: Manuel Lemos: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Reply: Manuel Lemos: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Reply: Jacob Stetser: "Re: [PHP3] 2 way encrypt/decrypt function in PHP3?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
