So here is the problem: to raise the level of security of data transmitted to the server, with the protection located in the client's browser. The idea is that eavesdropping on the communication channel, attacks on the HTTPS connection and the likes of SQL injection stop being a threat to you, even when the data travels over insecure protocols.
The mechanism is implemented very simply: on the client side by including three additional scripts, and on the server by an additional module (so far developed for Perl). In effect, all of these modules and scripts are add-ons to an already working scheme.
- Client side: a standard form with two fields.
- Included scripts: the jQuery framework, an MD5 script, the encoding script.
After the fields are filled in and the "Send" button is clicked, the following happens: the script prompts for the code word and remembers it (it does not have to be entered again next time); retrieves the data from all the form fields and encodes it; clears the fields themselves; creates a new field named "Q" whose value is the encoded string; and sends only this field to the server.
On the server, the decoding module then decodes the data in the field "Q" and adds it to the standard fields of the CGI module, after which you can work with it as usual. The result is this module:
The data is read from the variable $Q. For example, the value of the field "name" is obtained with $Q->param("name"). There is no need to create the variable $Q yourself: the module creates it.
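An added example, not the article's own code, of the round trip described above: every form field is packed into the single field "Q" on the client and unpacked into named fields on the server. The article does not show its encoding algorithm, so scrypt plus AES-256-GCM from Node's crypto module is substituted here as an assumption, with Node standing in for both browser and server; the names `encodeFields` and `decodeQ` and the sample values are hypothetical.

```javascript
// Added example: round trip of the single "Q" field. The cipher used here
// (scrypt + AES-256-GCM) is an assumption, not the article's encoding script.
const crypto = require('node:crypto');

// Derive a 256-bit key from the code word; the random salt travels inside Q.
function deriveKey(codeWord, salt) {
  return crypto.scryptSync(codeWord, salt, 32);
}

// Client side: serialize every form field, encrypt, return the value of "Q".
function encodeFields(fields, codeWord) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(codeWord, salt), iv);
  const plain = new URLSearchParams(fields).toString();
  const body = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  // Layout of Q: salt(16) | iv(12) | tag(16) | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Server side: decode "Q" back into named fields. Returns null when the
// code word is wrong or Q was modified in transit.
function decodeQ(q, codeWord) {
  const raw = Buffer.from(String(q), 'base64url');
  if (raw.length < 44) return null; // shorter than salt + iv + tag
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(codeWord, salt), iv);
    d.setAuthTag(tag);
    const plain = Buffer.concat([d.update(raw.subarray(44)), d.final()]).toString('utf8');
    return Object.fromEntries(new URLSearchParams(plain));
  } catch (err) {
    return null; // authentication of Q failed
  }
}

// Constructed sample input: a two-field form and the code word from the demo.
const sample = { name: "O'Brien", message: 'hello' };
const q = encodeFields(sample, 'Masha');
console.log('Q=' + q);
console.log(decodeQ(q, 'Masha'));
```

The decoded values are exactly what was typed into the form (note the quote in the sample name), so the server still has to validate them and use parameterized queries.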
Try filling in the fields: you will then be prompted to enter a code word. Enter Masha and you will receive the data as processed on the server page. Note the query string sent to the server.
Vyacheslav Gorchilin, 2014
* Reprinting the article or implementing the algorithm is permitted provided a link to the website is included and copyright is respected.