OSDev.org

The Place to Start for Operating System Developers
http://f.osdev.org/

PHP usage.

http://f.osdev.org/viewtopic.php?t=18137

Page 1 of 1

PHP usage.

Posted: Tue Oct 07, 2008 10:29 am
by 01000101
I'm in a rush right now, so I appologize for not investigating this myself further, but I was wondering if PHP pages could be utilized in my OS web server? Is it like HTML where it is just a packet standard that is interpreted on the client machine, or does the OS server have to have support for PHP-specific libraries?

Like say, I want to tell the client to send the MD5 hash of a password, do I just send a PHP page like an HTML page and the client will understand the MD5(x) function and return the hash in a packet, or will it return something that needs to have specific libraries for me to utilize it?

Is there any other HTML-like protocol that could be used for transmittion-phase encryption (sending already encrypted). I have not heard of an HTML tag that does this, so I would assume that it is not possible using standard HTML.

Re: PHP usage.

Posted: Tue Oct 07, 2008 11:48 am
by xyzzy
PHP is a server-side language, if that's what you mean. It requires an interpreter on the web server.

Re: PHP usage.

Posted: Tue Oct 07, 2008 12:00 pm
by Velko
Use Javascript, if you want to perform some processing in client's browser.

Re: PHP usage.

Posted: Tue Oct 07, 2008 12:28 pm
by 01000101
I think I may just do that.
I'm trying to make it so that when a user logs in to the webpage, the username/password is sent over the wire in ciphertext that way MITM attacks will be less likely to be effective.

Re: PHP usage.

Posted: Tue Oct 07, 2008 2:52 pm
by Combuster
As for the security question: HTML deals with content, the transmission of data is the task of HTTP. You can make that secure by using HTTPS instead (which essentially is HTTP over SSL)

Re: PHP usage.

Posted: Thu Oct 09, 2008 8:00 am
by PHPnerd
The best way for simple security on webpages, is the use of PHP. Javascript will fail with it. Because we can see the javascript code.
PHP code is serverside, will be parsed on the server, so the visitor wont see any code of it.
That is very important, because MD5 is hacked, and some others are too. You can use them all. For example:

Code: Select all

$hash = md5(sha1(md5(crc32($toHash))));
Now, the hacker needs to know which hashes you have used. If it got the first, md5, it has an hash again. And again, and again.
That is a very simple way.

You need a PHPparser on your server. You need to write your own for your own OS (or parse the real one).
Use it together with the program you have written for HTTP. Check for extensions like: .php .php5 .php4 .php3. Or simply parse all (will take more time).

Using SSL doesn't give you login or hashing. It only secures the connection.

// PHPnerd
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited