Jump to content

Automated Web Sites

herme3
in Computer Science

Featured Replies

I am well aware of the points you both make, I'm just stating that it's technically, and easily achived to encrypt before sending. The best option is oc to use an ssl connection.

If you simply use JS encryption, a hacker can still catch the password between you and the server, and just resubmit it. There's no way to tell if the hash was sent as a result of being calculated through a form, or just being sent directly.

 

I never said it was good either! :P

 

Or infact worthfull in anyway.

If you simply use JS encryption, a hacker can still catch the password between you and the server, and just resubmit it. There's no way to tell if the hash was sent as a result of being calculated through a form, or just being sent directly.

 

quick question: as long as the js encryption is asymetrical, could you include, as part of the encryption prosess, something dependant on, say, the time/date. thus, the password will not be the same twice, and resubmits would be easy to spot.

 

not that making asymetric encryption keys sounds all that easy :D

quick question: as long as the js encryption is asymetrical, could you include, as part of the encryption prosess, something dependant on, say, the time/date. thus, the password will not be the same twice, and resubmits would be easy to spot.

 

not that making asymetric encryption keys sounds all that easy :D

 

Or the IP of the sending user, it's very very very falable though.

quick question: as long as the js encryption is asymetrical, could you include, as part of the encryption prosess, something dependant on, say, the time/date. thus, the password will not be the same twice, and resubmits would be easy to spot.

 

not that making asymetric encryption keys sounds all that easy :D

 

 

Don't forget with sufficient skill and a little knowledge in the language all these can be manipulated. The date and time objects in JS allow you to mess with dates so the hacker could set their own date ID, as for the IP they could intercept that too... Client side encryption is a bad idea period, if you want it - use SSL as was suggested earlier :)

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.