So here's a problem: to increase the level of security of transmitted data to the server, and the defense should be in the client's browser. This means that the listening to the communication channels, the attack on the HTTPS connection and other SQL injection You will be scary even when transmitting data over insecure protocols.
For such problems was developed by a symmetric Hash-Mask algorithm. Its distinctive features: simplicity and high of crypto protection, and the possibility of protection by JavaScript in the client browser. Code is simple and open, which allows full user control over the encryption/decryption of data. The encryption process occurs in off-line mode, which further increases defense.
This mechanism is implemented is very simple: on the client side — by connecting three additional scripts and server — dopolnitelno module (developed so far for Perl). In fact, all of these modules and scripts add-ons are already working on the scheme.
- Client features: standard form with two fields.
- Connect: framwork jQuery, script, MD5, encoding script
After filling the fields and clicking on the "Send" button, the following happens: the script prompts you to enter the code word and remembers it (the next time it requests to enter is not necessary); retrieves data from all the form fields and encodes them; the fields themselves — nulls; creates a new field named "Q" and with a value equal to encoded string sends to the server is this field.
On the server, then the decoding module decodes the data field "Q" and adds them to the standard fields of the CGI module, which is already possible to work as usual. Poluchaetsya this module like this:
#!/usr/local/bin/perl
use Secure;
The data is taken from the variable $Q. for Example, so we get the value of the field "name"=> $Q->param("name"). The variable $Q is not necessary to create: it creates a module.
Try to fill in the fields will then be prompted to enter a codeword — enter Masha and receive data processed on the server page. Note query string sent to the server.