Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^2: Monastery login over http

by bliako (Vicar)
on Apr 24, 2018 at 18:45 UTC ( #1213490=note: print w/replies, xml ) Need Help??


in reply to Re: Monastery login over http
in thread Monastery login over http

Noted. But I did not encounter the problem in there. Perlmonks https works fine for me just now.

Maybe have the login form sent to client with added hidden field:

perlmonks_public_key.

Login form encrypts password on client-side using said key and all perlmonks' server has to do (wrt computational burden) is decrypt it. I think user passing his encrypted pass (by private key) was mentioned also here: We blame tye.

Please note, I realise that these are no real solutions (e.g. against man-in-the-middle) which cost zero and that I am very far away from being an expert in security. I am just trying to work out a way where passwords are not sent cleartext with minimal cost to perlmonks (wrt effort, cpu, money) and some real effort on the snooper's side to gain the password (which is not that important anyway).

I would hate my pub-lan-provider having a script saying

if( $bytes =~ /username=(.+?)&password=(.+?)/ ){ store_in_db_and_then_ +sell_to_usual_suspects($1,$2) && cash_out_money() && advertise_charit +y_donations() && sponsor_666_politician() && go_to_parliament_for_que +stioning() }

Replies are listed 'Best First'.
Re^3: Monastery login over http
by marto (Archbishop) on Apr 24, 2018 at 20:07 UTC

    When both webservers have the certificates then IIRC the plan is for everything to be over https.

      that's great.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1213490]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (7)
As of 2019-10-14 08:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?