Re: DES Encryption Java for the Basic authentication PHP

Johnny wrote:
I need an algorithm to encrypt a string with the DES encryption, that
works whit the basic auth in PHP.
I've tried some algorithms but the output don't works whit php....
BASIC Authentication does not use DES.
Oh.... and what kind of encryption does the basic auth uses??
Thomas


HTTP Basic Authentication uses no encryption at all. Here's
a simplified outline of it:

A user clicks a link in their web browser, and the web server
recognizes that URL as protected with Basic Authentication.

The web server checks the HTTP request packet for a special
header, containing the username and password in plain,
Base-64 encoded text. There is no such header originally,
so the web server returns a special type of error message
to the browser.

The web browser gets the message and prompts the user to
enter a username and password. That information is
added to the HTTP request packet, and that packet is
sent again.

Now the web server sees the correct header, and looks up
the username and password someplace. If all is well the
request is honored and the protected web page is fetched
and returned.

All subsequent requests by your web browser to that same
protected part of the web (called a "realm") will automatically
include that authentication header. So you don't get
prompted for a username and password every time.

Note there is no DES or crypt used at all. Base-64
encoding is an alternative to ASCII encoding. This
is not the same thing as using encryption!

This scheme is so insecure that it should only be used
with HTTPS, which encrypts all parts of all packets.

Now you can use this with PHP. If your PHP script returns
the correct error message to the browser when the request
packet lacks the proper basic auth header, the user
will see the same dialog box pop up requesting a
username and password, for that "realm".

There is a lot of material on the web about secure PHP
pages, http://phpsec.org/ for example.

What any of this has to do with Java, I don't know.
You can of course code up a servlet to do this, but
most of this stuff is built into Java already, as
some other posters have pointed out. Maybe you
should continue this discussion in a PHP newsgroup?
You might get more PHP experts answering you there!

-Wayne
.

Relevant Pages

  • Re: undefined function error if I use a fully-qualifed include
    ... >>obtains filename.php by performing an HTTP request to the specified ... which specifies "Go and get this resource using the HTTP protocol". ... PHP doesn't ... off to Apache to satisfy. ...
    (comp.lang.php)
  • Re: a gentle nudge
    ... I volunteered for a church project whereby I need my PHP page to send ... off a HTTP request to third party web site that provides a service. ... Is that part of the http package, too, or do I need something ...
    (comp.lang.php)
  • Re: newbie questions...
    ... > are there any good PHP compilers... ... with PHP must go over HTTP (using a HTTP GET or HTTP POST request). ... Connectionless interactions don't allow sessions to "persist". ...
    (comp.lang.php)
  • Re: [PHP] Re: File Upload - post_max_size and upload_max_filesize in GBs
    ... So it seems applet posts complete data to that php file handling script,*as soon as upload button is clicked*, rather than uploading first and then posting to php. ... As that seems to be the case; there is no real benefit in using applet (in case of http) other than that progress bar which is already supported by php 5.2 ... I think you need to read up on how an HTTP POST request works when it's handled by PHP because some of what you've written there indicates that you don't quite have it. ...
    (php.general)
  • Re: http configuration
    ... The only way this would be possible is if you could control the HTTP headers that are sent to the CGI request on the AS/400. ... Basic Authentication is sent as the following HTTP header: ...
    (comp.sys.ibm.as400.misc)