javascript - PHP Secure Login - Client-side options? -

-

Right now I'm confused for the authentication I use with Codeigniter to get advice from the user on libraries I am here. I have detected dx_auth and simpleloginsecure (I think I will use it later due to my safe hashing and small footprint).

But, what about the hashing of the password on the client side? I have not seen any mention of this in the documentation of libraries. How secure is these libraries, even if there is no need to have some client-side encryption (JS) so that passwords can never be posted in plain text? Or am I missing something and none of these libraries cover it ...

thanks

Update: However, I was under the assumption that it was PHP The codinator plugin) were in exchange for the SSL (were I completely wrong here)? If I am wrong, then is there a safe way to complete it without SSL? (Previously I used the JavaScript MD5 hash function to encrypt the password before posting it ... but I was expecting more securely).

Update 2 is OK - so it seems that I should use SSL. If this is the case, then what are the fancy php certification libraries that do all kinds of hashing? If the SSL takes care of encryption on the server from the client, then what is the point of using these libraries (dx_auth etc), besides also involving role capabilities in it)? Is it to ensure secure storage of data on server / database? (I can compare the level of sensitivity of the data on that project, which I am working on Stackoverflow..no credit card or some more sensitive, just usernames, passwords etc.)

To encrypt the client-side data, you will need SSL.

Basically the SSL Browser starts the encryption key, each session that is encrypted with post variables, and then the server is decrypted at the other end.

JS encryption can actually make your system less secure because it will expose your hashing algorithm. / P>

Update:

Password hashing does not protect it from being trapped between client and server, rather it means that if someone hacks your site To get access to your database, or in any way, all passwords are not viewable in plain text. This is particularly important because many people use the same password for multiple sites.


Comments

Post a Comment

Popular posts from this blog

c# - ListView onScroll event -

-
I am programming a simple C # application, and I need a Scallow event on the list view. So I inherited the original ListView class created in ListviewEx witch. I found out how to locate the scroll message from WinAPI and I modified the WndProc method. Now I have this WndProc: protected override zero WndProc (Ref message message) {base.WndProc (Ref I); If (m.msg == WM_VSCROLL) {onScroll (This, New EventArgs ()); }} But the problem is, I do not know how to know about scrolling information. This data should be in wParam, but there is a LOWORD macro ++ like in C in C # and I switch to find the criteria like SB_ below, SB_ENDSCROLL, SB_PAGEUP etc. there any way Need to change the LOWORD macro from C #? Or any other way to find the necessary parameters about scrolling? You can define the WParam constants as the following: Private const int WM_HSCROLL = 0x114; Private Constant WM_VSCROLL = 0x115; Private contact int SBHOZZ = 0; Private Consultant SB_VERT = 1; Private Con...
Read more

PHP - get image from byte array -

-
I am trying to create a back-end for my mobile application. I am sending the content of an image in the body of the HTTP request (output stream) as a byte array, I want to read this stream of bytes in PHP scripts and take back an image. Can anyone tell me how can I do this? Thank you. You can obtain the request body $ body = Reading from file_get_contents ('php: // input'); What you do with that data Depending on you, you can write the data in a file as you mentioned that this is image data, you can drop the data into the object can do. Another option is to use and load the image.
Read more

Linux Terminal Problem with Non-Canonical Terminal I/O app -

-
I have a small app written in C to run on Linux. Part of the app accepts user-input from keyboard , And it uses non-canonical terminal mode so that it can respond to each keystroke. The section of the code that accepts input is a simple task that is called repeatedly in the loop: char get_input () {char C = 0; Int res = reading (input_tamille, & amp; c, 1); If (RSS == 0) 0 returns; If (res == -1) {/ * snip error handling * /} return c; } It reads a letter from the terminal if there is no input within a given time limit, (c_cc [VTIME] value in the vocabulary structure), read () 0 And get_input () is called again It all works very well, I have recently discovered that if you run this app in a terminal window, and then the app Close the terminal window without ending, the app will not exit Received, but CPU intensive launches into an infinite loop, where the read () returns 0 without waiting continued. So how can I get out of the apple if it runs from the terminal win...
Read more