Welcome to WebmasterWorld Guest from 18.205.246.238

Forum Moderators: phranque

Message Too Old, No Replies

Newbie question alert !! Passwords

How to encrypt a password client side, and decrypt server side

     

neil laurance

2:51 pm on Jul 31, 2001 (gmt 0)

Inactive Member
Account Expired

 
 


I'm sure you've all seen this question before, if so flame away ;)

An application I am working to improve sends a password across to the server in unencrypted form, so that examining the QUERY_STRING variable, the password can be seen plainly. I was wondering if there is a simple way to encrypt a password client side using Javascript, and then unencrypt using Perl on the server side?

Thanks for any advice

5:13 pm on July 31, 2001 (gmt 0)

Preferred Member

10+ Year Member

joined:May 9, 2001
posts:416
votes: 0


If the query string can be seen it suggests the name/value pair is being appended to the url. If that's the case you're using the wrong method for sending the password. Use the POST method in your form, not GET, nor any client-side scripting that appends the n/v pair.
5:46 pm on July 31, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 4, 2001
posts:997
votes: 0


You really should be using a secure connection. Check out verisign.com, or ask your provider for more information. Anything less and the encryption can generally be reversed, although there are ways of making it harder.

If you dont want to go this (somewhat expensive) route, you could have some javascript that takes the string, changes the characters with some kind of rough encryption, then submits. The CGI on the other end would then decrypt it. The problem is choosing a safe encryption method. Basically, anything you can choose could be seen by someone else. They could look at your encryption javascript source and would be able to determine the password.

neil laurance

8:48 am on Aug 1, 2001 (gmt 0)

Inactive Member
Account Expired

 
 


Thanks for the information guys.

Cheers, NEIL