/    Sign up×
Community /Pin to ProfileBookmark

Can u have security over http?

Copy linkTweet thisAlerts:
Apr 30.2006

If you are logging in under http instead of https, can the info that is sent be seen? I know many of us use md5 or something to encrypt passwords, but the data isn’t being encrypted until it reaches the server, right? So the password sent from a form to the server is raw until it gets there and then encrypted.

If what i say above is correct, the data being sent is unsecure until it hits the server, then encrypted and checked, is there anyway to encrypt it before it is sent? Other than https?

to post a comment
PHP

7 Comments(s)

Copy linkTweet thisAlerts:
@NogDogApr 30.2006 — You could use JavaScript to encrypt it. You might then also want to have the JavaScript set the value of a hidden form field to indicate that it has encrypted the input, so that your PHP script knows it's already been done. That way if a user has JavaScript disabled or is using a client that does not support it, you can still do the encryption on the server side.
Copy linkTweet thisAlerts:
@NogDogApr 30.2006 — PS: Just read what I wrote above, and the problem with that is that a sniffer could still sniff the encrypted value, and just send that along with the hidden field value, so I guess it really wouldn't add much.

I guess https is really still the best solution for anything that requires serious security.
Copy linkTweet thisAlerts:
@rch10007authorApr 30.2006 — Does JS and PHP have an ecryption method that is compatible so that each can read the others encrytpion?

Also, did you spam proof yet?
Copy linkTweet thisAlerts:
@NogDogApr 30.2006 — Does JS and PHP have an ecryption method that is compatible so that each can read the others encrytpion?[/quote]
MD5 (but see my reply to myself)

Also, did you spam proof yet?[/QUOTE]
Put a header(location) to a meta refresh redirect page for a quick and dirty solution. ?
Copy linkTweet thisAlerts:
@rch10007authorApr 30.2006 — a very simply way to spam proof is to just destroy the variables which contain the mail() info IF the mail() was sent successfully. kinda like:

[code=php]
 if ( mail ( $recipient, $subject, $msg, $mailheaders ) )
{
$_SESSION = array();
}
[/code]
Copy linkTweet thisAlerts:
@NogDogApr 30.2006 — Except I'm not using sessions for it at this point.
Copy linkTweet thisAlerts:
@rch10007authorApr 30.2006 — i just used that as an example, you can unset any variables!
×

Success!

Help @rch10007 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.7,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...