PerlMonks  

Re: web cgi forms data security...

by pg (Canon)
on Dec 30, 2003 at 20:40 UTC


in reply to web cgi forms data security...

use strict;
use warnings;
require Digest::MD5;

my $user = "foo";
my $pass = "bar";
my $key  = "something";

my $md5 = Digest::MD5->new();
$md5->add(join(":", $key, $user, $pass));
print $md5->hexdigest;

Replies are listed 'Best First'.
Re: Re: web cgi forms data security...
by extremely (Priest) on Dec 30, 2003 at 21:23 UTC
    I'm going to be interested in how you propose to retrieve the data from that digest... since it returns a 16 byte one-way hash of the data. :)

    Now, to give you credit, you could at least verify that the people hadn't switched up the data from form to form with this. That isn't an unimportant task and is worthy of implementing even if the user decides to go with SSL only and just let HTTP and the browser resend the arguments over and over.

    --
    $you = new YOU;
    honk() if $you->love(perl)

      That's actually easy to do. Each time the page loads, you just create a massive distributed computing project to try all possible usernames and passwords.

      Might be a little slow, though.

Re: Re: web cgi forms data security...
by noname00 (Novice) on Dec 30, 2003 at 21:23 UTC
    pg,
    After MD5 encryption, can I get back my original data?
    With which function?

    thanx

      No. The way a hash digest works is to allow you to REHASH the 2 params and the key (in the same order), and see if the hash is the same. It will be if the params have not been tampered with. You sound like you want real encryption. Here are a few handy functions:

      my $key = "this key must be kept secret!";

      # Keyed MD5 digest of the text (one-way; used only for tamper checks)
      sub generate_MD5_hash {
          my ( $plain_text ) = @_;
          $plain_text = '' unless defined $plain_text;
          require Digest::MD5;
          return Digest::MD5->new->add( $plain_text . $key )->hexdigest;
      }

      # Recompute the digest and compare it with the one supplied
      sub validate_MD5_hash {
          my ( $hash, $plain_text ) = @_;
          return 0 unless $hash;
          return 0 unless defined $plain_text;
          return $hash eq generate_MD5_hash($plain_text) ? 1 : 0;
      }

      # Reversible: hex ciphertext in, plain text out
      sub decrypt {
          return '' unless $_[0] and $_[0] =~ m!^[A-Fa-f0-9]+$!;
          require Crypt::Blowfish;
          require Crypt::CBC;
          my $cipher = Crypt::CBC->new( $key, 'Blowfish' );
          return $cipher->decrypt_hex($_[0]);
      }

      # Reversible: plain text in, hex ciphertext out
      sub encrypt {
          return '' unless defined $_[0];
          require Crypt::Blowfish;
          require Crypt::CBC;
          my $cipher = Crypt::CBC->new( $key, 'Blowfish' );
          return $cipher->encrypt_hex($_[0]);
      }

      cheers

      tachyon
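
The tamper check discussed in this thread (re-hash the fields with the key and compare), as an added example that is not code from any of the posts above. It swaps the thread's keyed MD5 for HMAC-SHA256 from the core Digest::SHA module, and length-prefixes each field because `join(":", ...)` gives the same string for ("a:b", "c") and ("a", "b:c"). The names `canonical`, `sign_fields`, `verify_fields` and the secret value are hypothetical, and fields are assumed to be defined byte strings.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret that is never sent to the browser.
my $secret = 'constructed-demo-secret';

# Length-prefix every field so that moving a separator between fields
# always changes the serialized string.
sub canonical {
    my @fields = @_;
    return join '', map { length($_) . ':' . $_ } @fields;
}

# Tag to place in a hidden form field next to the values it covers.
sub sign_fields {
    my @fields = @_;
    return hmac_sha256_hex( canonical(@fields), $secret );
}

# Recompute the tag and compare without stopping at the first mismatch,
# so timing does not reveal how much of a forged tag was correct.
sub verify_fields {
    my ( $tag, @fields ) = @_;
    return 0 unless defined $tag;
    my $expected = sign_fields(@fields);
    return 0 unless length($tag) == length($expected);
    my $diff = 0;
    $diff |= ord( substr( $tag, $_, 1 ) ) ^ ord( substr( $expected, $_, 1 ) )
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample: page 1 issues the tag, page 2 checks what came back.
my $tag = sign_fields( 'foo', 'bar' );

printf "untouched fields: %s\n",
    verify_fields( $tag, 'foo', 'bar' ) ? 'accepted' : 'rejected';
printf "edited field:     %s\n",
    verify_fields( $tag, 'foo', 'baz' ) ? 'accepted' : 'rejected';
printf "shifted boundary: %s\n",
    verify_fields( sign_fields( 'a:b', 'c' ), 'a', 'b:c' ) ? 'accepted' : 'rejected';
```

As with the digest in the thread, the tag only detects changes; it does not hide the field values from the browser.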
