From: Nilesh Govindarajan on
On 05/23/2010 05:22 PM, David Mehler wrote:
> Hello everyone,
> Thanks. I'm looking in to the ssl, I would like to use it, and it does
> seem much less work than the alternative.
> Thanks.
> Dave.
> On 5/23/10, Adam Richardson<simpleshot(a)> wrote:
>> On Sun, May 23, 2010 at 12:40 AM, David Mehler<dave.mehler(a)>wrote:
>>> Hello,
>>> I've got a custom app that interacts with a database. I want to use
>>> something stronger than .htaccess to protect it and ssl is not
>>> available as this is a shared host. There will be several user's
>>> accessing this app and updating the database through it. What i was
>>> thinking was giving each a unique username, password, and ID string,
>>> which would be somehow used to compute a hash and if that would match
>>> access could be granted. That's just a guess on my part, i'd
>>> appreciate any suggestions.
>>> Thanks.
>>> Dave.
>>> --
>>> PHP General Mailing List (
>>> To unsubscribe, visit:
>> If you really, really can't get to SSL, you could develop the client-side
>> code to use a java applet as a proxy, and the applet could handle the
>> encryption (I've only done that once and it wasn't worth the work in the
>> long-run, I should have just switched hosts OR clients.) You could also
>> pull off the same effect with a FLEX application, too.
>> And, if you really, really wanted to, you could even develop an ajax
>> application that encrypted the traffic before sending and decrypted any
>> incoming traffic using a hash of a nonce provided by the server and the
>> password of the user (the server-side PHP would perform the complimentary
>> actions.) However, this would be quite a bit of work, and I'm hoping that
>> you can talk someone into a hosting upgrade :)
>> For reference, here's a javascript implementation of AES I've used in the
>> past (there's a port of the corresponding PHP to use linked on the same
>> page):
>> But, again, I hope you can just switch to a host with SSL.
>> Adam
>> --
>> Nephtali: PHP web framework that functions beautifully

Ah obviously, because it is not done by PHP but managed by the server ! ;)

Nilesh Govindarajan (निलेश गोविंदराजन)
Twitter: nileshgr