form di login crittografata senza Https
The login secure form is a solution using two script language, one on user side (browser) and the other on server side
(PHP) that works togheter to obscure (crypt) the post/get data; and decrypt them at server side.
All security is about levels though - nothing is secure. This library obviously fills a specific level, and provides some
protection. It'd certainly make some guy in the IT dept packet sniffing likely give up.
You're not going to use it for a banking website.
The following description is excerpted form Jcryption site (http://www.jcryption.org/info/).
Normally if you submit a form and you don’t use SSL, your data will be sent in plain text. But SSL is neither supported
by every webhost nor it’s easy to install/apply sometimes. So Daniel Griesser created this plug-in in order that you are
able to encrypt your data fast and simple. jCryption uses the public-key algorithm of RSA for the encryption.
jCryption at it’s current state is no replacement for SSL, because there is no authentication, but the main goal of
jCryption should be a very easy and fast to install plugin which offers a base level of security.
jCryption was tested with Internet Explorer 6 +, Mozilla Firefox 3+, Safari 3, Opera 9+, Google Chrome.
Some of the features are:
· RSA form data encryption up to 2048 bit
· AjaxSubmit supported
· no SSL required
· easy to install, use and extend
· doesn’t block the browser on calculations
jquery.jcryption.js require jQuery 1.4.2+ (already tested with jQuery 1.6.1)
CHAPTER 1: INSTALLATION
This guide is intended for developers that are familiar that wish to desingn a login script and cannot use a server with
The first thing you want to do is ensure that you have a standard, working installation of a webserver (e.g. Apache, IIS,
etc.). In example
The scripts are developed for PHP5, and framework are not tested with version 4 of PHP. The main reason is that PHP
5 has a completely redesigned, mature object model.
No database is required to crypt/decrypt, but login process can use, if present, a Ldap to validate user/password and
and a user table to select administrative right (based on user type).
1.2. INSTALLATION IN TESTED ENVIRONMENT.
Installation instructions and scripts presented in this tutorial are tested on Operating System Windows XP S.P.3
(installed on virtual vmware machine )
Note: the instructions in this tutorial are for a WAMP5 installation. You may need to modify them slightly for a
different configuration on your machine.
Details of installed environment are:
WAMP5 Version 1.7.2, http://sourceforge.net/projects/wampserver/files/WAMP5/
Host name of my local apache installation is grossinixv, so my installed apache navigation pages start with
Browser used in example panels is SeaMonkey/2.4.1.-english version.
· Internet Explorer 6,7, 8
· Firefox 3.x
· Seamonkey 1.1.17italian
jCryption PHP class require bcmath extension
Last version can be downloaded from my site (cannot change initially uploded version).