...

View Full Version : JavaScript-Php Encryption



iota
07-18-2006, 12:37 PM
Hi masters


Is it possible to retrieve data (that are encrypted with JavaScript) from php ?

I mean I'd like to encrypt data in html form before posting back to the server.

When the data arrive at the server, it's decoded to processs some actions.

Much thanks in advance.

raf
07-18-2006, 12:51 PM
i don't see why it shouldn't be possible, as long as you use an encryption-method that can be implemented in both javascript and php...

but you do realise that SSL does the above for all sent and received content? might be a lott simpler (and universal) to use SSL.

TheShaner
07-18-2006, 01:54 PM
Plus, if you're using your own encryption in Javascript, people can then see your encryption process, thus making it more hackable. SSL is the way to go, although a bit costly. But it's really the only way to go if you want your info encrypted before sending a request from the browser to the server.

However, if you would like to continue this way, look up AJAX. It's the process of using JavaScript to create an HTTP Request, sending that request to a server-side script that will then process the request, and then posting back to your javascript code without ever having to reload the page.

EDIT: Sorry, my head wasn't screwed on right. We're sitting here talking about data being encrypted so that outsiders that intercept the request only receive encrypted data, and then i somehow go on a tangent about users seeing the data. So please ignore the Javascript and AJAX talk on this post. I'm just leaving it so that Raf's response still makes sense, haha.

-Shane

raf
07-18-2006, 03:52 PM
Plus, if you're using your own encryption in Javascript, people can then see your encryption process, thus making it more hackable.
i don't think he worries that clients can see the unencrypted values...
the encryption is probably to prevent harm if the trafic gets intercepted.

so he just needs to use a sessionspecific encryptionkey (like SSL does).


SSL is the way to go, although a bit costly. But it's really the only way to go if you want your info encrypted before sending a request from the browser to the server.
i agree that SSL is probably the way to go. I don't see an easy way to implement a sessionspecifis encryptionkey without exposing the key at some point...


However, if you would like to continue this way, look up AJAX.
not sure why yu bring this up --> i don't see why he should be concerned about reloading the page.

iota
07-19-2006, 06:24 AM
Yeah, the only reason I want to do it to prevent eavesdropping with packet sniffing.

In packet sniffer, the middle man will only see the encrypted data.

So, another way besides SSL ? :(

felgall
07-19-2006, 06:45 AM
The only way I have seen used other than SSL involves using a Java applet.

Spookster
07-19-2006, 06:52 AM
SSL is still the way to go. If cost is an issue you might check with your webhost anyways. Webhosts often have a shared SSL certificate available for their customers to use as part of your hosting package.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum