Smalltalk Frameworks & Tools Iliad

Secure password over HTTP

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Bernat Romagosa
Reply | Threaded
Open this post in threaded view
|

Secure password over HTTP

Bernat Romagosa
Hi list,

We're building a login form and we've come with a couple of doubts.

We want the password transfer to be encrypted, so we thought we'd use an md5 script on the client side, but that wouldn't help much as the encrypted password would still be sent over an insecure connection and could be captured in the way to the server.

So we thought the best way would be to send the md5-encrypted password over an HTTPS connection, is there a way to do that in Iliad?

Thanks!

--
Bernat Romagosa.
Nicolas Petton
Reply | Threaded
Open this post in threaded view
|

Re: Secure password over HTTP

Nicolas Petton
Bernat Romagosa <[hidden email]> writes:

> Hi list,
>
>
> We're building a login form and we've come with a couple of doubts.
>
> We want the password transfer to be encrypted, so we thought we'd use
> an md5 script on the client side, but that wouldn't help much as the
> encrypted password would still be sent over an insecure connection and
> could be captured in the way to the server.
>
> So we thought the best way would be to send the md5-encrypted password
> over an HTTPS connection, is there a way to do that in Iliad?

For HTTPS there's Zodiac for Pharo, but as far as I know there's no Zinc
adaptor for Iliad. But hey, is Zodiac coupled with Zinc? I don't know :)

Else you could create a tunnel and do HTTPS with a front-end web server.

Cheers,
Nico

>
> Thanks!

--
Nicolas Petton
http://nicolas-petton.fr
Free forum by Nabble Edit this page