Solved

Secure Password Authentication

Posted on 2003-03-25
Last Modified: 2010-03-05
I need help making a page secure using Perl. I have tried to use some so-called password authentication scripts which either send plaintext, or encrypt it but the file is still accessible if the URL is entered to the page, which defeats the purpose of having a login to begin with.

I would like to know if Perl has a way to use a secure transmission of the password (i.e., NOT plaintext from client to server).

Thanks
0
Question by:Pourya
4 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 8208417
You are much better off using web server authentication, if possible.

What web server do you run?
0
 
LVL 1

Expert Comment

by:arhuman
ID: 8209181
Sure Perl does!

There are plenty of hash algorithms available:
Digest::SHA1
Digest::MD5 (avoid Digest::MD4)

On the client side: you get a submitted_password,
hash it (via JavaScript), then send it to the server.

The server then compares it to the stored hash of the password. (Don't store the plain password!)


=> In short, all you have to do is code your page to check if the transmitted arg is the correct hash...

Of course, to make it immune to 'URL replay' I'd suggest transmitting:

hash(SessionID + hash(submitted_passw)) and SessionID

This way you can't "replay" an old URL (as the session ID has changed) and you can't compute the hash (even if you know SessionID) without knowing the good password...
0
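
The server side of the hash(SessionID + hash(submitted_passw)) check described in the comment above, as an added example that is not code from any poster in the thread. The function names, the sample user, the 300-second lifetime and reading /dev/urandom are assumptions; Digest::MD5 is used because the thread names it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Constructed sample data: the server stores only hash(password).
my %stored_hash = ( alice => md5_hex('correct horse') );
my %pending;    # session IDs issued with a login form and not yet used

# Issue a fresh, unpredictable session ID for each login form.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    (read($fh, my $bytes, 16) // 0) == 16 or die "short read from urandom";
    close $fh;
    my $sid = unpack 'H*', $bytes;
    $pending{$sid} = time;
    return $sid;
}

# What the browser-side JavaScript computes, written in Perl for the demo.
sub client_response {
    my ($sid, $password) = @_;
    return md5_hex($sid . md5_hex($password));
}

# Compare two strings without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub verify_login {
    my ($user, $sid, $response) = @_;
    my $issued = delete $pending{$sid};    # single use: a replayed ID is gone
    return 0 unless defined $issued && time - $issued <= 300;
    my $hash = $stored_hash{$user};
    return 0 unless defined $hash;
    return same_string($response, md5_hex($sid . $hash));
}

my $sid  = new_session_id();
my $resp = client_response($sid, 'correct horse');
print 'first submit:   ', (verify_login('alice', $sid, $resp) ? 'accepted' : 'rejected'), "\n";
print 'replayed URL:   ', (verify_login('alice', $sid, $resp) ? 'accepted' : 'rejected'), "\n";
my $sid2 = new_session_id();
print 'wrong password: ', (verify_login('alice', $sid2, client_response($sid2, 'guess')) ? 'accepted' : 'rejected'), "\n";
```

The replay is rejected only because the server deletes each session ID on first use. The stored hash is what the response is computed from, so the file holding it needs the same protection as a password file.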
 

Author Comment

by:Pourya
ID: 8240569
TinTin: I am not the one running the server so I don't have too many options. It is a Netscape Enterprise server running on Unix I believe.

Arhuman: This looks like the kind of thing I want to do, but I am pretty new to this. Are there any places you can point me so I can get the JS and the Digest modules (?) that are required? Thanks :)
0
 
LVL 1

Accepted Solution

by:
arhuman earned 80 total points
ID: 8240699
A quick Google search (keyword: md5 javascript) gave me:

http://pajhome.org.uk/crypt/md5/

Enjoy...
0

Question has a verified solution.