Page 1 of 1

client side encrypted login?

Posted: Wed Jan 15, 2003 3:52 pm
by phphphphp
I've written a login for a site, and understand that whole process, using sessions, etc. What I'm curious about is...

All the encryption methods I've seen are all on the server side, so how can I encrypt the variables sent from the client? I'm looking for an open source solution, without using https or certificates. I'm new to this aspect of php. We are running apache servers and php 4.2.1 currently.

'The boss' is convinced that someone could use a sniffer or something to hijack the user's name and password, then login and have access to that user's data. Though it is unlikely, it's still quite possible...

I don't know much about using SSL, or certificates for that matter, does anyone have a solution? Links? Code?

Thanks in advance!

Posted: Wed Jan 15, 2003 3:54 pm
by Morbius
Have you tried md5?

look it up at http://www.php.net - That's what we use. Its a hexidecimal encryption that can encrypt anything you want it to. Sessions, Passwords, hell I bet it can even do the username.

We use it to encrypt the password. One draw back is, however, that you can't have the password posted out by un-encrypting it. At least I haven't figure out a way.

Posted: Wed Jan 15, 2003 4:01 pm
by volka
using encryption on only one side of the connection makes the crypted data as valuable as the plain text.
But there have been some other threads on this topic, e.g. viewtopic.php?t=3168