Hello everyone, Thanks. I'm looking in to the ssl, I would like to use it, and it does seem much less work than the alternative. Thanks. Dave. On 5/23/10, Adam Richardson <simpleshot@xxxxxxxxx> wrote: > On Sun, May 23, 2010 at 12:40 AM, David Mehler <dave.mehler@xxxxxxxxx>wrote: > >> Hello, >> I've got a custom app that interacts with a database. I want to use >> something stronger than .htaccess to protect it and ssl is not >> available as this is a shared host. There will be several user's >> accessing this app and updating the database through it. What i was >> thinking was giving each a unique username, password, and ID string, >> which would be somehow used to compute a hash and if that would match >> access could be granted. That's just a guess on my part, i'd >> appreciate any suggestions. >> Thanks. >> Dave. >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > If you really, really can't get to SSL, you could develop the client-side > code to use a java applet as a proxy, and the applet could handle the > encryption (I've only done that once and it wasn't worth the work in the > long-run, I should have just switched hosts OR clients.) You could also > pull off the same effect with a FLEX application, too. > > And, if you really, really wanted to, you could even develop an ajax > application that encrypted the traffic before sending and decrypted any > incoming traffic using a hash of a nonce provided by the server and the > password of the user (the server-side PHP would perform the complimentary > actions.) However, this would be quite a bit of work, and I'm hoping that > you can talk someone into a hosting upgrade :) > > For reference, here's a javascript implementation of AES I've used in the > past (there's a port of the corresponding PHP to use linked on the same > page): > http://www.movable-type.co.uk/scripts/aes.html > > But, again, I hope you can just switch to a host with SSL. > > Adam > > -- > Nephtali: PHP web framework that functions beautifully > http://nephtaliproject.com > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
