Qbasicnews.com

Full Version: POST method - security holes?
Is there a way that a hacker can view vars that are being POSTed? And is there an easy way to encrypt the vars? Zack said something a while back about PHP having an MD5 encryption function. How can I use it?
Yeah, but if they could get that far into your computer there's nothing stopping 'em from putting a keylogger on.

Of course, for very sensitive information like credit card numbers, there's stuff like SSL I guess.

If you really felt insecure, however, yeah, you can find some md5 routines on the internet and encrypt everything during an onSubmit() event.
Quote: Yeah, but if they could get that far into your computer there's nothing stopping 'em from putting a keylogger on.

Packet sniffing doesn't require a trojan.
Oh yeah... *shrug* See, this is what staying up 48 hours to work on assignments does to you.
I know next to nothing about security (except for my lame encryption algos, hahah), but here's a little thingy about how to use md5...
The MD5 algorithm is a one-way encryption method. Correction: MD5 isn't even encryption, because it can't be unciphered. :wink:
The md5() function in PHP generates the MD5 text of any string.
Code:
$active_pass = md5($password);
What I do in my member systems is simple (since I doubt anybody joining is a US National Guard Head Office worker that uses the same password for his computer with all the secrets). When you join, the password you entered is POSTed to a php script, and md5ed. Then it's added to the database.
When you log in, the md5 of the password you entered along with your username is compared to the text in the Password field of the database. If it matches, and the username is right, you're logged in.
If you want to see some code, just catch me on MSN or whatever.
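The register and login flow described in the post above, as an added example that is not part of the original thread: the unsalted md5() storage beside PHP's built-in password_hash() and password_verify(), with a login that upgrades old md5 rows the first time they are used. The $users array stands in for the database table, and the function names and sample credentials are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. $users stands in for the
// database table; function names and credentials are constructed.

// Scheme from the post: the stored value is md5(password), no salt.
function md5_register(array &$users, string $name, string $password): void {
    $users[$name] = md5($password);
}

// Hardened registration: salted, deliberately slow hash.
function register(array &$users, string $name, string $password): void {
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Login that accepts legacy md5 rows once and upgrades them in place.
function login(array &$users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {       // legacy md5 row
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

$users = [];
md5_register($users, 'alice', 'hunter2');
md5_register($users, 'bob', 'hunter2');
// Same password, same stored value, because md5() uses no salt.
var_dump($users['alice'] === $users['bob']);

var_dump(login($users, 'alice', 'hunter2'));             // upgrades alice's row
var_dump(password_verify('hunter2', $users['alice']));   // checks the upgraded row
var_dump(login($users, 'bob', 'wrong'));                 // bob's row stays md5

register($users, 'carol', 'hunter2');
// Per-row salt: carol and alice share a password, compare their stored values.
var_dump($users['carol'] === $users['alice']);
```

Hashing on the server protects the stored passwords only; the password still crosses the network in the POST body unless the form is served over SSL.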
PHP has several encryption functions. One is crypt(), another is md5(). I use md5 cos it's less characters for me to type Wink.

If you want real security, best to use ssl.
In general the internet is insecure. Don't ever think that it ever was secure.

But anyways yeah, if your internet packets were being watched by someone, like by some dodgy ISP or on your LAN or whatever, you're going to have to use SSL or something like it.

If you want to secure data in a database on your server, encrypt it with md5() in PHP or some other routine. It's not too difficult to do this, just search the manual/web.

Either that or start learning an obscure language, hehe joking.
Ok thanks guys.
Zack - I'll try that when I get home! Thanks!