The PHPLIB auth class has some code to do this. You might want to look there
for ideas. If I recall correctly, they sent a hidden random string along
with the form that was different on each request. They then did an md5 hash
of the post data concatenated with the random string.
Kirk
-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 12:20 PM
To: PHP
Subject: [PHP] encryption and HTTP
Without using SSL or JavaScript, is there any way to make an md5 hash or encrypt a string before sending it out as a POST request?

It seems that without encrypting the data before sending it, it can still be intercepted. Once intercepted, it doesn't matter if I use md5() on the $_POST['password'] once it gets to the script, because anyone can submit the same intercepted string to the script via POST and it will be md5()ed when it gets there, thus defeating the purpose.

Maybe I haven't quite wrapped my brain around a decent authentication scheme yet.
Erik
Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
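
The server side of the one-time challenge idea discussed in this thread, as an added example that is not part of the original messages and is not PHPLIB's code: each form gets a fresh random challenge, and the challenge is consumed on the first submission so a captured response cannot be replayed. It swaps the md5 concatenation for HMAC-SHA-256; the function names, the array standing in for `$_SESSION` and the sample password are assumptions, and it assumes the client has some way to compute the response, which a plain HTML form does not.

```php
<?php
// Added example: one-time challenge-response check (hypothetical function names).

// Issue a fresh random challenge; the page would embed it as a hidden form field.
function issue_challenge(array &$session): string
{
    $challenge = bin2hex(random_bytes(16));
    $session['challenge'] = $challenge;
    return $challenge;
}

// What the client computes before submitting: a keyed hash of the challenge.
// HMAC-SHA-256 is used here in place of md5(data . random_string).
function compute_response(string $challenge, string $secret): string
{
    return hash_hmac('sha256', $challenge, $secret);
}

// Verify a submitted response. The challenge is deleted before comparing,
// so it is single use even when the submission is wrong.
function verify_response(array &$session, string $secret, string $response): bool
{
    if (!isset($session['challenge'])) {
        return false; // no outstanding challenge: replayed or forged submission
    }
    $challenge = $session['challenge'];
    unset($session['challenge']);
    // hash_equals compares in constant time
    return hash_equals(compute_response($challenge, $secret), $response);
}

// Demo with constructed data; $session stands in for $_SESSION.
$session = [];
$secret = md5('constructed-sample-password'); // assumption: server stores md5(password)

$challenge = issue_challenge($session);
$response = compute_response($challenge, $secret); // done on the client side

echo "first submission: ";
var_dump(verify_response($session, $secret, $response));

echo "replay of the same captured response: ";
var_dump(verify_response($session, $secret, $response));
```

The stored hash acts as the shared secret here, so anyone who obtains it can answer challenges; the scheme only stops replay of an intercepted response, not an attacker who can modify traffic in transit.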