Re: Encryption Question
- From: "Bart Van der Donck" <bart@xxxxxxxxxx>
- Date: 14 Mar 2007 05:06:47 -0700
David Dorward wrote:
> egg...@xxxxxxxxx wrote:
>> I have a form where a user can change his password,
>> but I'm confused on how to prevent this from being
>> transmitted in plain text.
>
> Run the request over HTTP with SSL (HTTPS) not plain old HTTP.
> JavaScript isn't relevant to the issue.

A plain javascript solution is possible without need for HTTPS.
http://groups.google.com/group/comp.lang.javascript/msg/096d1191285a15a4
- let user type new password
- encrypt it using javascript (see link above)
- send encrypted string over HTTP and store it
- re-authentication based on same algorithm (handled at server or client)

The algorithm of the script above corresponds to the default crypt
function on UNIX. This means that the password must be stored as an
encrypted string too - which is certainly recommended, and it seems
that the original poster isn't doing this. A safe password encryption
must always be non-reversible.
--
Bart
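
The steps listed in the post, modelled as an added Node.js example (not code from the thread or from the linked script), to show what the re-authentication check accepts when the hashed string is the value that travels over HTTP. Assumptions: SHA-256 stands in for the crypt()-style function, and all class, function and user names are hypothetical.

```javascript
// Added example, not code from the thread. SHA-256 stands in for the
// crypt()-style one-way function; every name here is hypothetical.
const { createHash, createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Browser side: one-way transform of the password before it is sent.
const clientHash = (password, salt) =>
  createHash("sha256").update(salt + ":" + password).digest("hex");
const hmacHex = (key, msg) => createHmac("sha256", key).update(msg).digest("hex");
const sameHex = (a, b) =>
  a.length === b.length && timingSafeEqual(Buffer.from(a), Buffer.from(b));

// Scheme from the post: store the received string, compare on re-authentication.
class HashOverHttpServer {
  constructor() { this.stored = new Map(); }
  setPassword(user, hashFromWire) { this.stored.set(user, hashFromWire); }
  login(user, hashFromWire) {
    const s = this.stored.get(user);
    return s !== undefined && sameHex(s, hashFromWire);
  }
}
// Variant: a fresh single-use nonce per login; the client answers HMAC(hash, nonce).
class NonceServer extends HashOverHttpServer {
  constructor() { super(); this.pending = new Map(); }
  challenge(user) {
    const nonce = randomBytes(16).toString("hex");
    this.pending.set(user, nonce);
    return nonce;
  }
  login(user, response) {
    const s = this.stored.get(user), nonce = this.pending.get(user);
    this.pending.delete(user); // a nonce is valid for one attempt only
    if (s === undefined || nonce === undefined) return false;
    return sameHex(hmacHex(s, nonce), response);
  }
}

function demo() {
  const salt = "ab", pw = "correct horse"; // constructed sample values
  const plain = new HashOverHttpServer();
  plain.setPassword("alice", clientHash(pw, salt));
  const recorded = clientHash(pw, salt); // login request body as seen on the wire
  const replayAccepted = plain.login("alice", recorded); // password never needed
  const ns = new NonceServer();
  ns.setPassword("alice", clientHash(pw, salt));
  const first = hmacHex(clientHash(pw, salt), ns.challenge("alice"));
  const firstOk = ns.login("alice", first);
  ns.challenge("alice"); // next login attempt gets a new nonce
  const replayRejected = !ns.login("alice", first);
  return { replayAccepted, firstOk, replayRejected };
}
console.log(demo());
```

In the first server the hashed string is what authenticates, so a recorded copy of it is accepted as-is; the nonce variant only stops replay of a login response. The password-change request still carries that string in clear and the script itself arrives over HTTP, which is what the HTTPS advice quoted above addresses.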