[UPHPU] User Login suggestions

Tierra etierra at gmail.com
Thu Sep 2 14:23:45 MDT 2004


Wait, I'm going to stop there, you probably just got me on the list for a talk.

Bryan

On Thu, 2 Sep 2004 14:22:17 -0600, Tierra <etierra at gmail.com> wrote:
> 
> You asked for it! (well, demanded, but it doesn't matter) =)
> 
> If you don't have the funds or getting a _signed_ SSL certificate
> isn't worth the hassle, you can still sign your own certificates and
> still run the entire user session over encryption, only the user will
> be asked if your certificate is acceptable everytime they visit the
> site. If you don't want that message either, then your still not out
> of luck. You can program some standard Javascript RSA encryption and
> send to the client to encrypt any data they will be sending back to
> the server (in my case, I encrypt the password, it's a little more
> cumbersome to encrypt all the POST data, and the HTTP request can
> still be seen since your not running through standard SSL anyway).
> That's done with the help of PHP and a MySQL table that keeps track of
> all keys sent to clients on their different IP addresses so it can
> decrypt the data when it's sent back (were still working with multiple
> connections).
> 
> Should I go on about how PHP, Javascript, and MySQL handles the encryption?
> 
> Bryan
>



More information about the UPHPU mailing list