home go links go books go opinion go gallery go projects go resumé go
about this site
archives
book reviews
"to read" list
tech books
search books
books archive
last 10 posts
quotes
cluetrain
cluetrain (mirrored)
randobracket
image auth
search engine hits
  hit history
indexer stats
user agent list
HTML (view)
  (most up-to-date)
MS Word (dl)
code examples
doesntsuck.com
doesntsuck.com

September 28, 2004

paj's website   (link)

http://pajhome.org.uk/
a bunch of random interesting computer geek stuff

http://perl-md5-login.sourceforge.net/
This project implements an MD5-based encryption scheme on both client and server machines to allow encrypted password protection for web-based Perl/CGI applications. Although there are many free Perl/CGI application for password protection, only a few use MD5 on the server-side, but the password still travels over the internet as plain text. All server-side only schemes (like .htaccess password protection) are completely open to packet-sniffing. With this scheme, the browser JavaScript encrypts the password on the client's machine, and session tracking allows only one response per session ID, making simple packet-sniffing and session replaying much more difficult.

Posted by yargevad at September 28, 2004 01:54 PM


This weblog is licensed under a Creative Commons License.