Quantcast

Secure password over HTTP

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Secure password over HTTP

Bernat Romagosa
Hi list,

We're building a login form and we've come with a couple of doubts.

We want the password transfer to be encrypted, so we thought we'd use an md5 script on the client side, but that wouldn't help much as the encrypted password would still be sent over an insecure connection and could be captured in the way to the server.

So we thought the best way would be to send the md5-encrypted password over an HTTPS connection, is there a way to do that in Iliad?

Thanks!

--
Bernat Romagosa.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Secure password over HTTP

Nicolas Petton
Bernat Romagosa <[hidden email]> writes:

> Hi list,
>
>
> We're building a login form and we've come with a couple of doubts.
>
> We want the password transfer to be encrypted, so we thought we'd use
> an md5 script on the client side, but that wouldn't help much as the
> encrypted password would still be sent over an insecure connection and
> could be captured in the way to the server.
>
> So we thought the best way would be to send the md5-encrypted password
> over an HTTPS connection, is there a way to do that in Iliad?

For HTTPS there's Zodiac for Pharo, but as far as I know there's no Zinc
adaptor for Iliad. But hey, is Zodiac coupled with Zinc? I don't know :)

Else you could create a tunnel and do HTTPS with a front-end web server.

Cheers,
Nico

>
> Thanks!

--
Nicolas Petton
http://nicolas-petton.fr
Loading...