Projects / Perl MD5 Secure Login

Perl MD5 Secure Login

Perl MD5 Secure Login is a Web-based framework for implementing an MD5-based encryption scheme on both client (using browser JavaScript) and server (using Perl Digest::MD5) for a secure password login to Web applications. Unlike .htaccess, the password is never stored or transmitted as plain text.

Tags
Licenses
Operating Systems
Implementation

RSS Recent releases

  •  26 Aug 2003 01:03

Release Notes: This version fixes a bug in the Javascript submit and includes some code cleanup and additional comments.

  •  27 Aug 2002 20:14

Release Notes: Cookies sessions now check the IP address of the client. During the initial user authorization, their IP address is stored, referenced by their cookie ID. The session cookie and the current environment IP address must match during future accesses, or the cookie session validation will fail. Also, if the md5.js javascript file was not installed in the right location, the password would be sent un-encrypted. The javascript md5 code is now output to the browser with a Perl print statement. Since the MD5 algorithm is public, it doesn't matter that people can see the MD5 code.

  •  02 Aug 2002 13:26

Release Notes: The database locking code was integrated into the LoginMD5.pm module to make installation and use easier.

  •  02 Aug 2002 02:11

Release Notes: In this version, the session ID logic was rewritten. Only one response is possible for each session ID. Duplicating a correct response for any particular sessionID will be difficult, since it requires both the client user/password response hash as well as the unique session ID for authentication, and there is a timeout period to respond to any single session ID. These changes make simple sniffing and replaying the response much more difficult. Other changes include the addition of 'addUser.pl' and 'removeUser.pl' command line utilities.

  •  13 Jul 2002 18:19

Release Notes: This release is now in a separate LoginMD5.pm module for easy integration into existing Perl/CGI apps, with a mainProgram.cgi test example. It uses cookies: after a user has successfully logged in, it stores an MD5 encrypted key on the client machine to maintain a user session (for 1 day, by default).

Screenshot

Project Spotlight

FísicaLab

An educational application for solving physics problems.

Screenshot

Project Spotlight

ZXTune

A portable cross-platform library and a set of applications for chiptunes playback.