Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 175
  • Last Modified:

Secure Password Authentication

I need help making a page secure using Perl. I have tried to use some so-called password authentication scripts which either send plaintext, or encrypt it but the file is still accessible if the url is entered to the page which defeats the purpose of having a login to begin with.

I would like to know if Perl has a way to use a secure transmission of the password (i.e NOT plaintext from client to server)

Thanks
0
Pourya
Asked:
Pourya
  • 2
1 Solution
 
TintinCommented:
You are much better off using web server authentication, if possible.

What web server do you run?
0
 
arhumanCommented:
Sure Perl does !

There are plenty of hash algorithm available :
Digest::SHA1
Digest::MD5 (avoid Digest::MD4)

on the client side: you get a submitted_password
hash it (via javascript), then send it to the server

the server then compare it to the stored hash of the password. (don't store plain password !)


=> Short all you have to do is to code your page tocheck if the transmitted arg is the correct hash...

Of course to make it immune to 'URL replay' I'd suggest transmitting :

hash(SessionID + hash(submitted_passw)) and SessionID

this way you can't "replay" an old URL (as the Id session has changed) and you can't compute the hash (even if you know SessionID) without knowing the good password...
0
 
PouryaAuthor Commented:
TinTin: I am not the one running the server so I don't have too many options. It is a Netscape Enterprise server running on Unix I believe.

Arhuman: This looks like the kind of thing I want to do, but I am pretty new to this. Are there any places you can point me so I can get the JS and the Digest modules (?) that are required? Thanks :)
0
 
arhumanCommented:
A quick google search (keyword : md5 javascript) gave me :

http://pajhome.org.uk/crypt/md5/

Enjoy...
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now