Posted

I am well aware of the points you both make; I'm just stating that it's technically, and easily, achieved to encrypt before sending. The best option is of course to use an SSL connection.

Posted

If you simply use JS encryption, a hacker can still catch the password between you and the server, and just resubmit it. There's no way to tell if the hash was sent as a result of being calculated through a form, or just being sent directly.

Posted
If you simply use JS encryption, a hacker can still catch the password between you and the server, and just resubmit it. There's no way to tell if the hash was sent as a result of being calculated through a form, or just being sent directly.

 

I never said it was good either! :P

Or in fact worthwhile in any way.

Posted
If you simply use JS encryption, a hacker can still catch the password between you and the server, and just resubmit it. There's no way to tell if the hash was sent as a result of being calculated through a form, or just being sent directly.

 

Quick question: as long as the JS encryption is asymmetrical, could you include, as part of the encryption process, something dependent on, say, the time/date? Thus, the password will not be the same twice, and resubmits would be easy to spot.

Not that making asymmetric encryption keys sounds all that easy :D

Posted
Quick question: as long as the JS encryption is asymmetrical, could you include, as part of the encryption process, something dependent on, say, the time/date? Thus, the password will not be the same twice, and resubmits would be easy to spot.

Not that making asymmetric encryption keys sounds all that easy :D

Or the IP of the sending user; it's very, very, very fallible though.

Posted

Then there'd have to be a way to decrypt it back to some sort of hash that stays the same, so you could check it to be valid. If that was possible, they could easily decrypt it to a plain hash, and then re-add new time/date data.

Posted
Quick question: as long as the JS encryption is asymmetrical, could you include, as part of the encryption process, something dependent on, say, the time/date? Thus, the password will not be the same twice, and resubmits would be easy to spot.

Not that making asymmetric encryption keys sounds all that easy :D

Don't forget that with sufficient skill and a little knowledge of the language, all of these can be manipulated. The date and time objects in JS allow you to mess with dates, so the hacker could set their own date ID; as for the IP, they could intercept that too... Client-side encryption is a bad idea, period. If you want it, use SSL as was suggested earlier :)
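The replay problem discussed in this thread, as an added example that is not code from any poster: a server that compares a client-computed hash accepts a captured copy of it, while a server-issued single-use nonce (a generalization of the time/date idea, chosen by the server rather than the client's clock) makes a resubmitted value fail. All function names and the sample password are hypothetical, and Node.js with its built-in `crypto` module is assumed.

```javascript
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const hmac = (key, msg) => crypto.createHmac("sha256", key).update(msg).digest("hex");

// Scheme A (the thread's "JS encryption"): the browser sends sha256(password)
// and the server compares it to the stored hash. The hash IS the credential.
function makeStaticServer(password) {
  const stored = sha256(password);
  return { login: (submitted) => submitted === stored };
}

// Scheme B: the server issues a random nonce that is valid once; the client
// answers with HMAC(sha256(password), nonce).
function makeNonceServer(password) {
  const stored = sha256(password);
  const outstanding = new Set();
  return {
    challenge() {
      const nonce = crypto.randomBytes(16).toString("hex");
      outstanding.add(nonce);
      return nonce;
    },
    login(nonce, response) {
      if (!outstanding.delete(nonce)) return false; // unknown or already used
      const expected = Buffer.from(hmac(stored, nonce), "hex");
      const got = Buffer.from(String(response), "hex");
      return got.length === expected.length && crypto.timingSafeEqual(got, expected);
    },
  };
}

// What the browser-side script would compute in scheme B.
const clientResponse = (password, nonce) => hmac(sha256(password), nonce);

function demo() {
  const pw = "correct horse"; // constructed sample password
  const captured = sha256(pw); // value visible on an unencrypted connection
  const staticReplayAccepted = makeStaticServer(pw).login(captured);

  const server = makeNonceServer(pw);
  const n1 = server.challenge();
  const r1 = clientResponse(pw, n1);
  const firstAccepted = server.login(n1, r1);
  const replayAccepted = server.login(n1, r1); // same nonce, same response
  const replayOnNewNonce = server.login(server.challenge(), r1); // old response, fresh nonce
  return { staticReplayAccepted, firstAccepted, replayAccepted, replayOnNewNonce };
}
```

Even in scheme B the stored hash remains password-equivalent, and nothing here helps if the page's JavaScript can be altered in transit, so the thread's recommendation of SSL still stands.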
