I'm in a rush right now, so I appologize for not investigating this myself further, but I was wondering if PHP pages could be utilized in my OS web server? Is it like HTML where it is just a packet standard that is interpreted on the client machine, or does the OS server have to have support for PHP-specific libraries?
Like say, I want to tell the client to send the MD5 hash of a password, do I just send a PHP page like an HTML page and the client will understand the MD5(x) function and return the hash in a packet, or will it return something that needs to have specific libraries for me to utilize it?
Is there any other HTML-like protocol that could be used for transmittion-phase encryption (sending already encrypted). I have not heard of an HTML tag that does this, so I would assume that it is not possible using standard HTML.
PHP usage.
PHP usage.
Website: https://joscor.com
-
xyzzy
- Member
- Posts: 391
- Joined: Wed Jul 25, 2007 8:45 am
- Libera.chat IRC: aejsmith
- Location: London, UK
- Contact:
Re: PHP usage.
PHP is a server-side language, if that's what you mean. It requires an interpreter on the web server.
Re: PHP usage.
Use Javascript, if you want to perform some processing in client's browser.
If something looks overcomplicated, most likely it is.
Re: PHP usage.
I think I may just do that.
I'm trying to make it so that when a user logs in to the webpage, the username/password is sent over the wire in ciphertext that way MITM attacks will be less likely to be effective.
I'm trying to make it so that when a user logs in to the webpage, the username/password is sent over the wire in ciphertext that way MITM attacks will be less likely to be effective.
Website: https://joscor.com
-
Combuster
- Member
- Posts: 9301
- Joined: Wed Oct 18, 2006 3:45 am
- Libera.chat IRC: [com]buster
- Location: On the balcony, where I can actually keep 1½m distance
- Contact:
Re: PHP usage.
As for the security question: HTML deals with content, the transmission of data is the task of HTTP. You can make that secure by using HTTPS instead (which essentially is HTTP over SSL)
Re: PHP usage.
The best way for simple security on webpages, is the use of PHP. Javascript will fail with it. Because we can see the javascript code.
PHP code is serverside, will be parsed on the server, so the visitor wont see any code of it.
That is very important, because MD5 is hacked, and some others are too. You can use them all. For example:
Now, the hacker needs to know which hashes you have used. If it got the first, md5, it has an hash again. And again, and again.
That is a very simple way.
You need a PHPparser on your server. You need to write your own for your own OS (or parse the real one).
Use it together with the program you have written for HTTP. Check for extensions like: .php .php5 .php4 .php3. Or simply parse all (will take more time).
Using SSL doesn't give you login or hashing. It only secures the connection.
// PHPnerd
PHP code is serverside, will be parsed on the server, so the visitor wont see any code of it.
That is very important, because MD5 is hacked, and some others are too. You can use them all. For example:
Code: Select all
$hash = md5(sha1(md5(crc32($toHash))));
That is a very simple way.
You need a PHPparser on your server. You need to write your own for your own OS (or parse the real one).
Use it together with the program you have written for HTTP. Check for extensions like: .php .php5 .php4 .php3. Or simply parse all (will take more time).
Using SSL doesn't give you login or hashing. It only secures the connection.
// PHPnerd
Jinix