Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Re: Monastery login over http

by marto (Archbishop)
on Apr 24, 2018 at 18:07 UTC ( #1213489=note: print w/replies, xml ) Need Help??

in reply to Monastery login over http

Your connection is not secure. I believe there is an issue regarding one of the servers which needs to be resolved by the hosting company.

Replies are listed 'Best First'.
Re^2: Monastery login over http
by bliako (Vicar) on Apr 24, 2018 at 18:45 UTC

    Noted. But I did not encounter the problem in there. Perlmonks https works fine for me just now.

    Maybe have the login form sent to client with added hidden field:


    Login form encrypts password on client-side using said key and all perlmonks' server has to do (wrt computational burden) is decrypt it. I think user passing his encrypted pass (by private key) was mentioned also here: We blame tye.

    Please note, I realise that these are no real solutions (e.g. against man-in-the-middle) which cost zero and that I am very far away from being an expert in security. I am just trying to work out a way where passwords are not sent cleartext with minimal cost to perlmonks (wrt effort, cpu, money) and some real effort on the snooper's side to gain the password (which is not that important anyway).

    I would hate my pub-lan-provider having a script saying

    if( $bytes =~ /username=(.+?)&password=(.+?)/ ){ store_in_db_and_then_ +sell_to_usual_suspects($1,$2) && cash_out_money() && advertise_charit +y_donations() && sponsor_666_politician() && go_to_parliament_for_que +stioning() }

      When both webservers have the certificates then IIRC the plan is for everything to be over https.

        that's great.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1213489]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (5)
As of 2019-10-22 23:36 GMT
Find Nodes?
    Voting Booth?