Questo sito utilizza cookies, anche di terze parti, per mostrare pubblicità e servizi in linea con il tuo account. Leggi l'informativa sui cookies.
Username: Password: oppure
form di login crittografata senza Https

form di login crittografata senza Https

18441_size.jpg
The login secure form is a solution using two script language, one on user side (browser) and the other on server side
(PHP) that works togheter to obscure (crypt) the post/get data; and decrypt them at server side.
All security is about levels though - nothing is secure. This library obviously fills a specific level, and provides some
protection. It'd certainly make some guy in the IT dept packet sniffing likely give up.
You're not going to use it for a banking website.
The following description is excerpted form Jcryption site (http://www.jcryption.org/info/).
Normally if you submit a form and you don’t use SSL, your data will be sent in plain text. But SSL is neither supported
by every webhost nor it’s easy to install/apply sometimes. So Daniel Griesser created this plug-in in order that you are
able to encrypt your data fast and simple. jCryption uses the public-key algorithm of RSA for the encryption.
jCryption at it’s current state is no replacement for SSL, because there is no authentication, but the main goal of
jCryption should be a very easy and fast to install plugin which offers a base level of security.
The way jCryption is, that the data is encrypted on the client (javascript) and decrypted your virtual private server with
PHP.
jCryption was tested with Internet Explorer 6 +, Mozilla Firefox 3+, Safari 3, Opera 9+, Google Chrome.
Some of the features are:
·  RSA form data encryption up to 2048 bit
·  AjaxSubmit supported
·  no SSL required
·  easy to install, use and extend
·  doesn’t block the browser on calculations
Requirement :
jquery.jcryption.js require jQuery 1.4.2+ (already tested with jQuery 1.6.1)

CHAPTER 1: INSTALLATION
1.1. PREREQUISITES
INTENDED AUDIENCE
This guide is intended for developers that are familiar that wish to desingn a login script and cannot use a server with
Https capability.
We expect the reader to have some basic knowledge of system administration. Of course, as this is a PHP –Javascript
solution, so knowing PHP 5 and Javascript is a huge advantage.
WEB SERVER
The first thing you want to do is ensure that you have a standard, working installation of a webserver (e.g. Apache, IIS,
etc.). In example
PHP 5
The scripts are developed for PHP5, and framework are not tested with version 4 of PHP. The main reason is that PHP
5 has a completely redesigned, mature object model.
DATABASE
No database is required to crypt/decrypt, but login process can use, if present, a Ldap to validate user/password and
and a user table to select administrative right (based on user type).
1.2. INSTALLATION IN TESTED ENVIRONMENT.
WINDOWS
Installation instructions and scripts presented in this tutorial are tested on Operating System Windows XP S.P.3
(installed on virtual vmware machine )
Note: the instructions in this tutorial are for a WAMP5 installation. You may need to modify them slightly for a
different configuration on your machine.
Details of installed environment are:
WAMP5 Version 1.7.2, http://sourceforge.net/projects/wampserver/files/WAMP5/
Host name of my local apache installation is grossinixv, so my installed apache navigation pages start with
http://grossinixv.
Browser used in example panels is SeaMonkey/2.4.1.-english version.
Tested browsers:
·  Internet Explorer 6,7, 8
·  Firefox 3.x
·  Seamonkey 1.1.17italian

jCryption PHP class require bcmath extension

Last version can be downloaded from my site (cannot change initially uploded version).
http://digidownload.libero.it/magiainformatica/login_crypt ...


Categoria: Sicurezza / PHP
Piattaforma:

Sito web: http://digidownload.libero.it/magiainformatica/login_crypt ...
Downloads: 691
Rating: (0 voti)
Data: 25/03/2010
Download

A proposito dell'autore

Descrizione non disponibile. Questo membro non è più parte della Community.

Aggiungi un commento

Inserisci il tuo commento qui
Esegui il login oppure registrati per inviare commenti