I've been reading for the past two days on CGI.pm and more specifically on encryption / security. I'm to the point that I think I've "Got It!", but I'd rather post my thoughts (*after reading a bit*) and see if others can verify what I suspect regarding login encryption.
To the best of my knowledge (*and please educate me if I'm off base*) the problem with encrypting a username / password login is that the login has already been submitted over the 'net' clear text to the server before the
    my $query = new CGI;
    if ($query->param('submit')) {
        # encryption
    }
is called. Therefore encrypting using the submit button is too late.
I know that one option is to have a secure server connection (https) however that isn't an option with my current server situation at work. My end goal is just to avoid sending the login clear text.
So I deduce that the only method then is to encrypt client side with JavaScript before the server gets ahold of it. Of course then the problem is that EVERYONE (and their dog) can just look at the source and figure out your encryption methods (again, not secure.)
That's my understanding so far from reading all kinds of posts on security, cookies, encoding etc. With all of that said I have two questions:
  1. Am I right in my understanding of what is happening?
  2. What are the options for password protection to avoid sending clear text?
BTW: If anyone wants advice on security in general, just type 'security' in the search box and read for a couple of days (that's what I did.) Thanks to all who posted in the past. Your posts saved me tons of time and I appreciate it.

- Mission
"Heck I don't know how to do it either, but do you think that's going to stop me?!!"

In reply to Login Encryption and CGI understanding by Mission
