|Newbie questions about Pliant
Chiper Int and Float
|Message posted by maybe Rogerio Justino on 2001/09/26 06:05:37
|I have tried to cipher Int and Float and couldnt, wy ?
var Int day
var Int monthy
cipher day monthy
|Message posted by maybe Hubert Tonneau on 2001/09/26 09:07:53
|I don't understand why you want to use the 'cipher' instruction of the
HTTP server in your application.
It is HTTP server internal stuff used by the HTTP server to pass values
safely from a page to another.
|Message posted by maybe Rogerio on 2001/09/26 16:41:47
|I found this function in a page and than i start to use it to crypt my database
if I cant use cipher and uncipher to crypt information that I send to my
database, witch function do I have to use ?
|Message posted by maybe Hubert Tonneau on 2001/09/26 18:38:26
|var Int i
i := ...
i is used
In the following senario, 'i' variable is passed to the next page.
The value is automatically ciphered by Pliant HTTP server, so the browser
is unable to corrupt it. This is transparent. You have nothing special to do.
|Message posted by maybe Rogerio on 2001/09/28 03:31:19
|My problem is: crypt the datas to send to my database.
I was using -cipher- this way.
each us user filter (keyof us)= Code
us:name1:= cipher Name1 us:password_md5
|Message posted by maybe Hubert Tonneau on 2001/09/28 09:32:39
|Ok, you would need a set of functions:
function string_cither clear password -> ciphered
arg Str clear password ciphered
function string_uncither ciphered password -> clear
arg Str ciphered password clear
Not really hard to write.
The problem is what will be the password.
If you use the MD5 of the clear user password, then it does not work for
users using the strong crypto proxy since these are using a public/private
key pair instead of a password.
Then it is much more complex since the private key will not be sent to
the HTTP server, so the HTTP server cannot use it to decode a message that
it would have ciphered using the public key (only the client can do that).
Now, if you use only clear password, then it's not really hard to catch
all passwords through listening the network.