As I read about security it seems that the only secure way to encrypt
data is to not store the key anywhere on the server. So I have the user
manually type it in and it gets stored as a persistent cookie on their
machine.
In other words, when the log in, they are prompted for the key . the
key is then posted via a form to a php script which stores the key as a
cookie. Is this secure? Is there any loophole in doing it this way?
1  1606 
<ve*****@yahoo. comwrote in message
news:11******** **************@ i3g2000cwc.goog legroups.com...
As I read about security it seems that the only secure way to encrypt
data is to not store the key anywhere on the server. So I have the user
manually type it in and it gets stored as a persistent cookie on their
machine.
In other words, when the log in, they are prompted for the key . the
key is then posted via a form to a php script which stores the key as a
cookie. Is this secure? Is there any loophole in doing it this way?
Well there's always the possibility of packet sniffing
( http://en.wikipedia.org/wiki/Packet_sniffer) as long as you are using http.
If you can set up an https server, then you can talk about secure. All data
from client to server, including the encryption key is then already
encrypted and can't be revealed by capturing packets like when using http.
--
"ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" -lpk sp**@outolempi. net | Gedoon-S @ IRCnet | rot13(xv***@bhg byrzcv.arg) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Harold Crump |
last post by:
Greetings,
I have a requirement of storing some .xml files on a web server.
The files will contain financial information like credit card numbers,
so I would like to encrypt them.
The files will stay there until another program downloads them and
deletes the files.
My question is - which of the functions in the mcrypt library provide
|
by: Mike |
last post by:
Hello,
I want to read and write key'ed cookies from both javascript and ASP.
I can't find any javascript that reads and writes cookies with keys,
so that it is compatible with ASP like the following:
<%
Response.Cookies("user")("firstname")="John"
Response.Cookies("user")("lastname")="Smith"
|
by: Ray Cassick \(Home\) |
last post by:
Ok, time to ask the question here.. I have been battling over this one for
sometime now and just have to ask it.
I have created a few classes that I use to act a security keys. These
classes get serialized using a binary formatter and then symmetrically
encrypted. The app will deserialize them and use the contents to judge
licensing capabilities, etc.
Currently the license key and vectors are stored in the code. I don't like
the idea...
|
by: Bonj |
last post by:
I was in need of an encryption algorithm to the following requirements:
1) Must be capable of encrypting strings to a byte array, and decyrpting
back again to the same string
2) Must have the same algorithm work with strings that may or may not be
unicode
3) Number of bytes back must either be <= number of _TCHARs in *
sizeof(_TCHAR), or the relation between output size and input size can be
calculated simply. Has to take into account the...
|
by: David |
last post by:
One thing that's always puzzled me about implementing encryption on
remote asp.net apps is where to store the keys. The demo code indicate
that you include them in a configuration file, but this would seem to
defeat the purpose. If someone obtained the configuration file and
they knew the encryption method, then they could decrypt your data.
Storing them hard-coded in the app is just as bad, since it can be
disassembled. Obfuscation...
| | |
by: Randall Parker |
last post by:
Some basic security questions:
1) Is there any difference in the sort of encryption keys needed for encrypted
cookies versus for https connections?
2) Does one need encrypted cookies for people who log on to a site using forms
authentication?
|
by: pintu |
last post by:
Hello everybody..
I hav some confusion regarding asymmetric encryption.As asymmetric
encryption it there is one private key and one public key.So any data
is encrypted using private key and the same is decrypted at client side
using public key and vice-versa..Now i hav confusion like i.e.
* Are both the keys available to both sender and receiver.?
* When data is encrypted using public key ,Is the same data decrypted
using private key(...
|
by: =?Utf-8?B?bWljcm9ob2Y=?= |
last post by:
Short version:
Is there a way to configure (preferably programmatically) the max encryption
strength that will be used by the framework when connecting to a particular
SSL-protected web service?
Long version:
Historically, browsers could only be exported to certain countries if they
supported only 40 and 56 bit encryption; 128 bit was restricted. I believe,
based on my readings thus far, that this refers to the strength of the...
|
by: Netwatcher |
last post by:
well, i started messing around with dictionaries, yet, most of the pages i found about them always talk about getting only one word out of it and turning it vice versa, i've been playing with that code for a few hours:
#dics
Encryption={',':'hy{;',' ':'h4x0r2','':'zomg','?':'bko','a':'ika','b':'d0v','c':'ino', 'd':'maw', 'e':'aon', 'f':'que', 'g':'kip', 'h':'an', 'n':'ko
print lol
except KeyError:
print 'These...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
