Re: WC:>: Re: encrypting password

Rythmist Mon, 10 Aug 1998 18:18:53 -0400
Using simple encryption through Javascript you can encrypt the password
using a key value prior to sending. (This offers very limited protection.
However, there are programs that will encrypt source code and programs
that will remove all white space and allow JavaScript code to function.)

Using the same scheme with perl offers a little more protection. The below
Javascript and form provides a simple example. (Thanks to Gordon McComb -
The JavaScript Sourcebook)

<script language="javascript">
<!--
function getForm()
{
// Place User Entry into Variables

name = document.passform.username.value;
pswd = encode(document.passform.password.value,12);
}

function encode(OrigString, CipherVal)
{
Ref="0123456789abcdefghijklmnopqrstuvwxyz.*-~ABCDEFGHIJKLMNOPQRSTUVWXYZ"
CipherVal = parseInt(CipherVal)
var Temp=""
for (Count=0; Count < OrigString.length; Count++){
  var TempChar = OrigString.substring(Count, Count+1)
  var Conv = cton(TempChar)
  var Cipher=Conv^CipherVal
  Cipher=ntoc(Cipher)
  Temp += Cipher
}
return(Temp)
}

function cton(Char)
{
return(Ref.indexOf(Char));
}

function ntoc(Val)
{
return(Ref.substring(Val, Val+1))
}
//-->
</script>

<form method="POST" name="passform">
  <div align="center"><center><table border="1" cellpadding="0"
cellspacing="0" bordercolordark="#000080" bordercolorlight="#008080">
    <tr>
      <td bgcolor="#008080"><font color="#00FFFF"><strong>Your
Name:</strong></font></td>
      <td><input type="text" size="30" name="username"></td>
    </tr>
    <tr>
      <td align="right" bgcolor="#008080"><font
color="#00FFFF"><strong>Password:</strong></font></td>
      <td><input type="password" size="30" name="password"></td>
    </tr>
    <tr>
      <td align="center" colspan="2"><input type="button" name="B1"
value="Send" onclick="getForm()"><input type="reset" name="B2"
value="Clear"></td>
    </tr>
  </table>
  </center></div>
</form>

Rythmist


-----Original Message-----
Date: Monday, August 10, 1998 11:31 AM
Subject: Re: WC:>: Re: encrypting password


From:           Malka Cymbalista <[EMAIL PROTECTED]>

> Thanks very much for the reply.
> Here's my scenario: I have an Oracle database that allows
> access by the user entering a password.  So what I want to do is create a
> form where the user enters his password, the password is sent to the
> server and the server verifies that the password is correct.  Is there any
> way to ensure that the password gets encrypted before it get sent to the
> server?



____________________________________________________________________
--------------------------------------------------------------------
 Join The Web Consultants Association :  Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
Re: WC:>: Re: encrypting password

Reply via email to
