Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??
I've been reading for the past two days on CGI.pm and more specifically on encryption / security. I'm to the point that I think I've "Got It!", but I'd rather post my thoughts (*after reading a bit*) and see if others can verify what I suspect regarding login encryption.
To the best of my knowldege (*and please educate me if I'm off base*) the problem with encrypting a username / password login is that the login has already been submitted over the 'net' clear text to the server before the 
my $query = new CGI;
if ($query->param('submit'))
{
   #encryption
}

[download]
is called. Therefore ecrypting using the submit button is too late.
I know that one option is to have a secure server connection (https) however that isn't an option with my current server situation at work. My end goal is just to avoid sending the login clear text.
So I deduce that the only method then is to encrypt client side with JavaScript before the server gets ahold of it. Of course then the problem is that EVERYONE (and their dog) can just look at the source and figure out your encryption methods (again, not secure.)
That's my understanding so far from reading all kinds of posts on security, cookies, encoding etc. With all of that said I have two questions:
  1. Am I right in my understanding of what is happening?
  2. What are the options for password protection to avoid sending clear text?
BTW: If anyone wants advice on security in general, just type 'security' in the search box and read for a couple of days (that's what I did.) Thanks to all who posted in the past. You're posts saved me tons of time and I appreciate it.

- Mission
"Heck I don't know how to do it either, but do you think that's going to stop me?!!"

In reply to Login Encryption and CGI understanding by Mission

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (2)
As of 2024-04-19 21:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found