[UPHPU] User Login suggestions
Tierra
etierra at gmail.com
Thu Sep 2 14:22:17 MDT 2004
On Thu, 2 Sep 2004 14:04:43 -0600 (MDT), David Smith <davidsmith at byu.net> wrote:
> <quote who="Tierra">
> > I could go on about RSA encryption, SSL, and others as I've coded up
> > my own very secure login system.
>
> Do share!
>
> --Dave
You asked for it! (well, demanded, but it doesn't matter) =)
If you don't have the funds or getting a _signed_ SSL certificate
isn't worth the hassle, you can still sign your own certificates and
still run the entire user session over encryption, only the user will
be asked if your certificate is acceptable every time they visit the
site. If you don't want that message either, then you're still not out
of luck. You can program some standard JavaScript RSA encryption and
send it to the client to encrypt any data they will be sending back to
the server (in my case, I encrypt the password, it's a little more
cumbersome to encrypt all the POST data, and the HTTP request can
still be seen since you're not running through standard SSL anyway).
That's done with the help of PHP and a MySQL table that keeps track of
all keys sent to clients on their different IP addresses so it can
decrypt the data when it's sent back (we're still working with multiple
connections).
Should I go on about how PHP, JavaScript, and MySQL handle the encryption?
Bryan
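
The exchange described in the message above, as an added example that is not from the original post or the author's system: the server issues a key per client IP, the client encrypts only the password, and the server looks the key up again to decrypt. Assumptions: Node.js `crypto` stands in for both the JavaScript RSA code and PHP, a `Map` stands in for the MySQL table, and the function names, OAEP padding and single-use keys are choices made here.

```javascript
// Added example; keyTable, issueKey, encryptPassword, handleLogin are hypothetical names.
// Scope: this hides the password from passive capture only. The public key is
// delivered over plain HTTP and is not authenticated to the client.
const crypto = require('crypto');

// Stand-in for the MySQL table: client IP -> private key issued to that client.
const keyTable = new Map();
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: create a key pair for this client, store the private half under
// the client's IP, and return the public half to embed in the login page.
function issueKey(clientIp) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  keyTable.set(clientIp, privateKey);
  return publicKey;
}

// Client: encrypt only the password field before the form is posted.
function encryptPassword(publicKeyPem, password) {
  const ct = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(password, 'utf8'));
  return ct.toString('base64');
}

// Server: look the key up by IP, retire it (assumption: single use, so a
// captured ciphertext cannot be replayed), then decrypt.
function handleLogin(clientIp, ciphertextB64) {
  const privateKey = keyTable.get(clientIp);
  if (!privateKey) return null;            // no key outstanding for this address
  keyTable.delete(clientIp);
  try {
    const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(ciphertextB64, 'base64'));
    return pt.toString('utf8');
  } catch (e) {
    return null;                           // wrong key or altered ciphertext
  }
}

// Constructed sample data: documentation-range IPs and a made-up password.
function demo() {
  const pubA = issueKey('192.0.2.10');
  issueKey('192.0.2.20');
  const ct = encryptPassword(pubA, 'correct horse');
  return {
    otherIp: handleLogin('192.0.2.20', ct),   // decrypted with the wrong key
    owner: handleLogin('192.0.2.10', ct),     // decrypted with the matching key
    replay: handleLogin('192.0.2.10', ct),    // key already retired
  };
}
```

Keying the table on IP alone means clients behind one NAT address overwrite each other's entry; a per-request key id stored next to the IP avoids that.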