gnaphos newbie
Joined: 05 Oct 2001 Posts: 5
Posted: Fri Oct 05, 2001 1:00 pm Post subject: Secure Login
Some fun stuff to do if you have time, Joe.
There is a way to avoid sending the clear password without using SSL. The login CGI sends an HTML page with a Challenge/Salt along with a JavaScript to calculate the hashed password. So when the user sends the form, it sends the hashed password instead of the clear one. If the user doesn't have JavaScript then the form can just send the clear password instead. The server accepts both methods obviously.
I know it only avoids eavesdropping but doesn't avoid the middle man attack, but it is better than sending the clear password. And I don't think people want to submit multiple forms for login just because they want to avoid the attack.
I like your forum btw, ever thought of GPLing it?
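The exchange described in the post above, as an added example that is not part of the original thread or of the forum's code: it simulates both the server and the browser side in Node.js and shows a captured response being rejected on replay. SHA-256, the in-memory stores and all function names are assumptions.

```javascript
// Added example: both sides of the login exchange, simulated in Node.js.
// Assumptions, not from the thread: SHA-256, hex encoding, in-memory stores, all names.
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");

const users = new Map();   // name -> { salt, verifier }; the clear password is never stored
const pending = new Map(); // outstanding challenge -> name it was issued for

function register(name, password) {
  const salt = crypto.randomBytes(16).toString("hex");
  users.set(name, { salt, verifier: sha256(salt + password) });
}

// Server, login page: hand out the user's salt plus a fresh one-time challenge.
function issueChallenge(name) {
  if (!users.has(name)) return null;
  const challenge = crypto.randomBytes(16).toString("hex");
  pending.set(challenge, name);
  return { salt: users.get(name).salt, challenge };
}

// Browser: what the page's script computes in place of the clear password.
function clientResponse(password, { salt, challenge }) {
  return sha256(challenge + sha256(salt + password));
}

// Server, form handler: accepts the hashed response, or the clear password
// as the fallback for browsers without JavaScript.
function verifyLogin(name, challenge, { response, password } = {}) {
  if (!pending.has(challenge) || pending.get(challenge) !== name) return false;
  pending.delete(challenge); // single use: a spent challenge cannot be answered again
  const user = users.get(name);
  let got;
  if (typeof response === "string") got = response;
  else if (typeof password === "string") got = clientResponse(password, { salt: user.salt, challenge });
  else return false;
  const a = Buffer.from(got);
  const b = Buffer.from(sha256(challenge + user.verifier));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample run: a sniffed response is useless once its challenge is spent.
register("alice", "correct horse");
const ch = issueChallenge("alice");
const sniffed = clientResponse("correct horse", ch);
console.log("first use:", verifyLogin("alice", ch.challenge, { response: sniffed }));
console.log("replay:   ", verifyLogin("alice", ch.challenge, { response: sniffed }));
```

In this design the stored `verifier` is password-equivalent: whoever reads it can compute valid responses, so the scheme protects the password on the wire only, and only for users whose browser ran the script.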
joe Site Admin
Joined: 17 Sep 2001 Posts: 110 Location: San Mateo, California
Posted: Fri Oct 05, 2001 2:13 pm Post subject: Re: Secure Login
Ha ha, sounds complicated, yes I have considered GPLing, have you seen the UBB and YABB forums? I checked out some of the source code for them, this forum is much cleaner and I'm sure it's much faster as it uses a MySQL backend, the others are just flatfile. They do have more features but I think simplicity is best.
gnaphos newbie
Joined: 05 Oct 2001 Posts: 5
Posted: Fri Oct 05, 2001 8:37 pm Post subject: Re: GPL
I haven't seen the source code for other forums. Do you have a CVS for your code?
joe Site Admin
Joined: 17 Sep 2001 Posts: 110 Location: San Mateo, California
Posted: Sat Oct 06, 2001 1:28 am Post subject: Re: GPL
No CVS, I really do things very simply, the entire forum script is one file, 1700 lines of code with a common site include for the HTML layout. I guess I should look into version control soon though.