Re: securing a custom app

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/23/2010 05:22 PM, David Mehler wrote:
Hello everyone,
Thanks. I'm looking in to the ssl, I would like to use it, and it does
seem much less work than the alternative.
Thanks.
Dave.


On 5/23/10, Adam Richardson<simpleshot@xxxxxxxxx>  wrote:
On Sun, May 23, 2010 at 12:40 AM, David Mehler<dave.mehler@xxxxxxxxx>wrote:

Hello,
I've got a custom app that interacts with a database. I want to use
something stronger than .htaccess to protect it and ssl is not
available as this is a shared host. There will be several user's
accessing this app and updating the database through it. What i was
thinking was giving each a unique username, password, and ID string,
which would be somehow used to compute a hash and if that would match
access could be granted. That's just a guess on my part, i'd
appreciate any suggestions.
Thanks.
Dave.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


If you really, really can't get to SSL, you could develop the client-side
code to use a java applet as a proxy, and the applet could handle the
encryption (I've only done that once and it wasn't worth the work in the
long-run, I should have just switched hosts OR clients.)  You could also
pull off the same effect with a FLEX application, too.

And, if you really, really wanted to, you could even develop an ajax
application that encrypted the traffic before sending and decrypted any
incoming traffic using a hash of a nonce provided by the server and the
password of the user (the server-side PHP would perform the complimentary
actions.)  However, this would be quite a bit of work, and I'm hoping that
you can talk someone into a hosting upgrade :)

For reference, here's a javascript implementation of AES I've used in the
past (there's a port of the corresponding PHP to use linked on the same
page):
http://www.movable-type.co.uk/scripts/aes.html

But, again, I hope you can just switch to a host with SSL.

Adam

--
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com



Ah obviously, because it is not done by PHP but managed by the server ! ;)

--
Nilesh Govindarajan (निलेश गोविंदराजन)
Twitter: nileshgr
Facebook: nilesh.gr
Website: www.itech7.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux