[UPHPU] User Login suggestions
email at timothyhumphrey.com
Thu Sep 2 15:04:37 MDT 2004
I'm also very curious on how that client side encryption works... After
getting my Linux machine up and running, the next project will be a SSL
server for the login content, and then I'll split up the site. I'd love to
get my hands on that code.
> From: "David Smith" <DavidSmith at byu.net>
> Date: Thu, 2 Sep 2004 14:54:28 -0600 (MDT)
> To: list at uphpu.org
> Subject: Re: [UPHPU] User Login suggestions
> <quote who="Tierra">
>> On Thu, 2 Sep 2004 14:04:43 -0600 (MDT), David Smith <davidsmith at byu.net>
>>> <quote who="Tierra">
>>>> I could go on about RSA encryption, SSL, and others as I've coded up
>>>> my own very secure login system.
>>> Do share!
>> You asked for it! (well, demanded, but it doesn't matter) =)
>> If you don't have the funds or getting a _signed_ SSL certificate
>> isn't worth the hassle, you can still sign your own certificates and
>> still run the entire user session over encryption, only the user will
>> be asked if your certificate is acceptable everytime they visit the
>> site. If you don't want that message either, then your still not out
>> send to the client to encrypt any data they will be sending back to
>> the server (in my case, I encrypt the password, it's a little more
>> cumbersome to encrypt all the POST data, and the HTTP request can
>> still be seen since your not running through standard SSL anyway).
>> That's done with the help of PHP and a MySQL table that keeps track of
>> all keys sent to clients on their different IP addresses so it can
>> decrypt the data when it's sent back (were still working with multiple
> encrypt passwords on the client side without an SSL HTTP session for the
> uug.byu.edu site. I couldn't find a solution, so I just settled for a less
> secure setup with clear password transfer (and a little warning note). Did
> or embedded in the script? How did your clients validate the authenticity
> of the key? You've got my curiosity going now.
> To unsubscribe, e-mail: list-unsubscribe at uphpu.org
> For additional commands, e-mail: list-help at uphpu.org
More information about the UPHPU