Projects / Perl MD5 Secure Login

Perl MD5 Secure Login

Perl MD5 Secure Login is a Web-based framework for implementing an MD5-based encryption scheme on both client (using browser JavaScript) and server (using Perl Digest::MD5) for a secure password login to Web applications. Unlike .htaccess, the password is never stored or transmitted as plain text.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  26 Aug 2003 08:03

    Release Notes: This version fixes a bug in the Javascript submit and includes some code cleanup and additional comments.

    •  28 Aug 2002 00:14

      Release Notes: Cookies sessions now check the IP address of the client. During the initial user authorization, their IP address is stored, referenced by their cookie ID. The session cookie and the current environment IP address must match during future accesses, or the cookie session validation will fail. Also, if the md5.js javascript file was not installed in the right location, the password would be sent un-encrypted. The javascript md5 code is now output to the browser with a Perl print statement. Since the MD5 algorithm is public, it doesn't matter that people can see the MD5 code.

      •  02 Aug 2002 17:26

        Release Notes: The database locking code was integrated into the LoginMD5.pm module to make installation and use easier.

        •  02 Aug 2002 06:11

          Release Notes: In this version, the session ID logic was rewritten. Only one response is possible for each session ID. Duplicating a correct response for any particular sessionID will be difficult, since it requires both the client user/password response hash as well as the unique session ID for authentication, and there is a timeout period to respond to any single session ID. These changes make simple sniffing and replaying the response much more difficult. Other changes include the addition of 'addUser.pl' and 'removeUser.pl' command line utilities.

          •  13 Jul 2002 22:19

            Release Notes: This release is now in a separate LoginMD5.pm module for easy integration into existing Perl/CGI apps, with a mainProgram.cgi test example. It uses cookies: after a user has successfully logged in, it stores an MD5 encrypted key on the client machine to maintain a user session (for 1 day, by default).

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.