[prog] web authentication

Caroline Johnston johnston at biochemistry.ucl.ac.uk
Thu Nov 10 06:09:21 EST 2005


Hi chix,

I want a reasonably secure login system for a web-app and I'm not quite
sure how to set it up. I had a bit of a google and I reckon I can send a
random number to the browser and MD5 the number with the password
client-side, then send this back and on the server side check whether the
password I've got stored gives the same MD5 when combined with the random
number. Except that this prevents me from one-way encrypting the password
in the DB on the server. Any suggestions on how I make the server-side
more secure? I'm writing in Perl (Catalyst) with a MySQL DB on a Linux box
(FC3) running Apache.

Cheers,

Cassxx
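
The scheme described in the message above, simulated on both sides in Perl as an added example that is not part of the original post. It shows the trade-off the message points out: the server can recompute the response only from the password itself, so a one-way hash in the DB makes a correct login fail. The function names, the sample password, the challenge-then-password concatenation order and the use of /dev/urandom for the random number are assumptions.

```perl
#!/usr/bin/perl
# Added example: challenge-response login as described in the post.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Server: fresh random challenge per login attempt (16 bytes, hex-encoded).
# Assumption: /dev/urandom is available, as on the Linux box in the post.
sub new_challenge {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close($fh);
    return unpack('H*', $buf);
}

# Client (browser script in the post): MD5 of the challenge combined with
# the password. Assumption: combined means challenge . password.
sub client_response {
    my ($challenge, $password) = @_;
    return md5_hex($challenge . $password);
}

# Server: recompute the response from whatever the DB stores and compare.
sub server_verify {
    my ($challenge, $stored_secret, $response) = @_;
    return md5_hex($challenge . $stored_secret) eq $response ? 1 : 0;
}

my $password  = 'correct horse';    # constructed sample value
my $challenge = new_challenge();
my $response  = client_response($challenge, $password);

# Case 1: the DB holds the password itself, so the server can recompute.
print "password in DB:     ",
    server_verify($challenge, $password, $response) ? "accept" : "reject", "\n";

# Case 2: the DB holds only a one-way hash of the password. The server
# cannot rebuild md5(challenge . password) from it, so a correct login fails.
my $db_hash = md5_hex($password);
print "one-way hash in DB: ",
    server_verify($challenge, $db_hash, $response) ? "accept" : "reject", "\n";

# Case 3: a response captured for one challenge does not verify against a
# fresh challenge, which is what the random number is for.
my $next_challenge = new_challenge();
print "replayed response:  ",
    server_verify($next_challenge, $password, $response) ? "accept" : "reject", "\n";
```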


