Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Noted. But I did not encounter the problem in there. Perlmonks https works fine for me just now.

Maybe have the login form sent to client with added hidden field:

perlmonks_public_key.

Login form encrypts password on client-side using said key and all perlmonks' server has to do (wrt computational burden) is decrypt it. I think user passing his encrypted pass (by private key) was mentioned also here: We blame tye.

Please note, I realise that these are no real solutions (e.g. against man-in-the-middle) which cost zero and that I am very far away from being an expert in security. I am just trying to work out a way where passwords are not sent cleartext with minimal cost to perlmonks (wrt effort, cpu, money) and some real effort on the snooper's side to gain the password (which is not that important anyway).

I would hate my pub-lan-provider having a script saying

if( $bytes =~ /username=(.+?)&password=(.+?)/ ){ store_in_db_and_then_
+sell_to_usual_suspects($1,$2) && cash_out_money() && advertise_charit
+y_donations() && sponsor_666_politician() && go_to_parliament_for_que
+stioning() }

[download]

In reply to Re^2: Monastery login over http by bliako
in thread Monastery login over http by bliako

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others musing on the Monastery: (3)
As of 2024-04-20 01:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found