securing a custom app
in [General]
|
Prev: Front End Dev seeking guidance
Next: Is there a good way to extract the <embed>/<object> content in HTML with/without closing tag?
From: Nilesh Govindarajan on 23 May 2010 11:11 On 05/23/2010 05:22 PM, David Mehler wrote: > Hello everyone, > Thanks. I'm looking in to the ssl, I would like to use it, and it does > seem much less work than the alternative. > Thanks. > Dave. > > > On 5/23/10, Adam Richardson<simpleshot(a)gmail.com> wrote: >> On Sun, May 23, 2010 at 12:40 AM, David Mehler<dave.mehler(a)gmail.com>wrote: >> >>> Hello, >>> I've got a custom app that interacts with a database. I want to use >>> something stronger than .htaccess to protect it and ssl is not >>> available as this is a shared host. There will be several user's >>> accessing this app and updating the database through it. What i was >>> thinking was giving each a unique username, password, and ID string, >>> which would be somehow used to compute a hash and if that would match >>> access could be granted. That's just a guess on my part, i'd >>> appreciate any suggestions. >>> Thanks. >>> Dave. >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >> If you really, really can't get to SSL, you could develop the client-side >> code to use a java applet as a proxy, and the applet could handle the >> encryption (I've only done that once and it wasn't worth the work in the >> long-run, I should have just switched hosts OR clients.) You could also >> pull off the same effect with a FLEX application, too. >> >> And, if you really, really wanted to, you could even develop an ajax >> application that encrypted the traffic before sending and decrypted any >> incoming traffic using a hash of a nonce provided by the server and the >> password of the user (the server-side PHP would perform the complimentary >> actions.) However, this would be quite a bit of work, and I'm hoping that >> you can talk someone into a hosting upgrade :) >> >> For reference, here's a javascript implementation of AES I've used in the >> past (there's a port of the corresponding PHP to use linked on the same >> page): >> http://www.movable-type.co.uk/scripts/aes.html >> >> But, again, I hope you can just switch to a host with SSL. >> >> Adam >> >> -- >> Nephtali: PHP web framework that functions beautifully >> http://nephtaliproject.com >> > Ah obviously, because it is not done by PHP but managed by the server ! ;) -- Nilesh Govindarajan (निलेश गोविंदराजन) Twitter: nileshgr Facebook: nilesh.gr Website: www.itech7.com |