client side encrypted login?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
phphphphp
Forum Newbie
Posts: 1
Joined: Wed Jan 15, 2003 3:52 pm

client side encrypted login?

Post by phphphphp »

I've written a login for a site, and understand that whole process, using sessions, etc. What I'm curious about is...

All the encryption methods I've seen are all on the server side, so how can I encrypt the variables sent from the client? I'm looking for an open source solution, without using https or certificates. I'm new to this aspect of php. We are running apache servers and php 4.2.1 currently.

'The boss' is convinced that someone could use a sniffer or something to hijack the user's name and password, then login and have access to that user's data. Though it is unlikely, it's still quite possible...

I don't know much about using SSL, or certificates for that matter, does anyone have a solution? Links? Code?

Thanks in advance!
Morbius
Forum Newbie
Posts: 15
Joined: Sat Jul 27, 2002 12:10 am

Post by Morbius »

Have you tried md5?

look it up at http://www.php.net - That's what we use. Its a hexidecimal encryption that can encrypt anything you want it to. Sessions, Passwords, hell I bet it can even do the username.

We use it to encrypt the password. One draw back is, however, that you can't have the password posted out by un-encrypting it. At least I haven't figure out a way.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

using encryption on only one side of the connection makes the crypted data as valuable as the plain text.
But there have been some other threads on this topic, e.g. viewtopic.php?t=3168
Post Reply