requiring javascript login
Posted: Sun Aug 26, 2007 1:18 am
For the open source application I'm currently working on (and trying to do my best at), I need a secure login routine. More than likely, this application will be ran inside of the directory root, leaving it open to editing by users other than the administrator of the application.
So, a login must be necessary. SSL is not an option. I was thinking using javascript hashing in a login form (very similar to the challenge/response login scheme (without a challenge), so passwords or usernames are never sent over an unecrypted connection in plain text.
Username & password will be stored in a config.php file
So that leaves the username and password in plain text, but (hopefully) only viewable to the administrator of said application.
Thoughts/ideas on an http secure login for an application inside of the document root? Is requiring javascript OK in this circumstance? (IE: don't have a fallback option for users without javascript)
Perhaps a $config['salt'] to make the salt unique to every user would help.
So, a login must be necessary. SSL is not an option. I was thinking using javascript hashing in a login form (very similar to the challenge/response login scheme (without a challenge), so passwords or usernames are never sent over an unecrypted connection in plain text.
Username & password will be stored in a config.php file
Code: Select all
<?php
$config['username'] = 'yourusernamehere';
$config['password'] = 'yourpasswordhere';
?>Thoughts/ideas on an http secure login for an application inside of the document root? Is requiring javascript OK in this circumstance? (IE: don't have a fallback option for users without javascript)
Perhaps a $config['salt'] to make the salt unique to every user would help.