nel sito web il download della versione allineato alla 1.2 di Jcrypton
form di login crittografata senza HttpsThe login secure form is a solution using two script language, one on user side (browser) and the other on server side
(PHP) that works togheter to obscure (crypt) the post/get data; and decrypt them at server side. All security is about levels though - nothing is secure. This library obviously fills a specific level, and provides some protection. It'd certainly make some guy in the IT dept packet sniffing likely give up. You're not going to use it for a banking website. The following description is excerpted form Jcryption site (http://www.jcryption.org/info/). Normally if you submit a form and you don’t use SSL, your data will be sent in plain text. But SSL is neither supported by every webhost nor it’s easy to install/apply sometimes. So Daniel Griesser created this plug-in in order that you are able to encrypt your data fast and simple. jCryption uses the public-key algorithm of RSA for the encryption. jCryption at it’s current state is no replacement for SSL, because there is no authentication, but the main goal of jCryption should be a very easy and fast to install plugin which offers a base level of security. The way jCryption is, that the data is encrypted on the client (javascript) and decrypted your virtual private server with PHP. jCryption was tested with Internet Explorer 6 +, Mozilla Firefox 3+, Safari 3, Opera 9+, Google Chrome. Some of the features are: · RSA form data encryption up to 2048 bit · AjaxSubmit supported · no SSL required · easy to install, use and extend · doesn’t block the browser on calculations Requirement : jquery.jcryption.js require jQuery 1.4.2+ (already tested with jQuery 1.6.1) CHAPTER 1: INSTALLATION 1.1. PREREQUISITES INTENDED AUDIENCE This guide is intended for developers that are familiar that wish to desingn a login script and cannot use a server with Https capability. We expect the reader to have some basic knowledge of system administration. Of course, as this is a PHP –Javascript solution, so knowing PHP 5 and Javascript is a huge advantage. WEB SERVER The first thing you want to do is ensure that you have a standard, working installation of a webserver (e.g. Apache, IIS, etc.). In example PHP 5 The scripts are developed for PHP5, and framework are not tested with version 4 of PHP. The main reason is that PHP 5 has a completely redesigned, mature object model. DATABASE No database is required to crypt/decrypt, but login process can use, if present, a Ldap to validate user/password and and a user table to select administrative right (based on user type). 1.2. INSTALLATION IN TESTED ENVIRONMENT. WINDOWS Installation instructions and scripts presented in this tutorial are tested on Operating System Windows XP S.P.3 (installed on virtual vmware machine ) Note: the instructions in this tutorial are for a WAMP5 installation. You may need to modify them slightly for a different configuration on your machine. Details of installed environment are: WAMP5 Version 1.7.2, http://sourceforge.net/projects/wampserver/files/WAMP5/ Host name of my local apache installation is grossinixv, so my installed apache navigation pages start with http://grossinixv. Browser used in example panels is SeaMonkey/2.4.1.-english version. Tested browsers: · Internet Explorer 6,7, 8 · Firefox 3.x · Seamonkey 1.1.17italian jCryption PHP class require bcmath extension Last version can be downloaded from my site (cannot change initially uploded version). http://digidownload.libero.it/magiainformatica/login_crypt ...
Data: 25/03/2010
|
Aggiungi un commento