JavaScript
  Home arrow JavaScript arrow Building a CHAP Login System: Coding Serve...
IBM developerWorks
Dev Articles Forums 
ADO.NET  
Apache  
ASP  
ASP.NET  
C#  
C++  
ColdFusion  
COM/COM+  
Delphi-Kylix  
Design Usability  
Development Cycles  
DHTML  
Embedded Tools  
Flash  
Graphic Design  
HTML  
IIS  
Interviews  
Java  
JavaScript  
MySQL  
Oracle  
Photoshop  
PHP  
Reviews  
Ruby-on-Rails  
SQL  
SQL Server  
Style Sheets  
VB.Net  
Visual Basic  
Web Authoring  
Web Services  
Web Standards  
XML  
Dedicated Servers  
Actuate Whitepapers 
Moblin 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
JAVASCRIPT

Building a CHAP Login System: Coding Server-Side Random Seeds
By: Alejandro Gervasio
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 12
    2005-09-06

    Table of Contents:
  • Building a CHAP Login System: Coding Server-Side Random Seeds
  • Stepping back: a quick look at the previous CHAP login system
  • Moving forward: Improving the random seed generator
  • Refactoring the CHAP login system: Adding functionality to the JavaScript program
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

    Building a CHAP Login System: Coding Server-Side Random Seeds
    (Page 1 of 4 )

    Welcome to the second part of “Building a CHAP login system.” In three parts, this series introduces the basics of building a web-based login system that uses the Challenge Handshake Authentication Protocol (hence the CHAP acronyms), explaining its benefits, and exploring its implementation.

    Introduction

    In the previous part of the series, I provided you with core concepts related to client-side data encryption, through the implementation of the MD5 hashing algorithm in JavaScript. I also provided you with the basic requirements for building a login system, which offers a greater level of security compared to the vast majority of such systems found on the Web that usually transmit data in an unencrypted way.

    At this point, hopefully you’ve understood the advantages and drawbacks of working with user-provided data, which is hashed in the client domain, and later transmitted for authentication on the server. As I previously discussed in the first part of the series, the most significant benefit of implementing such as system is obviously the fact that data encryption is performed via JavaScript, without the need to look at other solutions, such as https.

    On the other hand, the use of JavaScript as the core encryption method reveals the strong dependency on scripting-enabled browsers for this technique to be successfully implemented. As you can see, good things come at a cost, and this one is no exception.

    With the key concepts well understood, over this second part, attention will be turned to the server side, where authentication takes place. For this purpose, I’ll be illustrating some methods for generating random seeds, ranging from simple semi-random string generators to slightly more complex procedural approaches. Since all of the server source code will be developed in PHP, it shall be extremely easy to adapt it to working with the language of your choice.

    Next: Stepping back: a quick look at the previous CHAP login system >>
     

    More JavaScript Articles
    More By Alejandro Gervasio


       · The second part of the tutorial looks at several methods to code server-side random...
     
    >>> Post your comment now!

    JAVASCRIPT ARTICLES

    - Detect Browser Compatibility with the Reques...
    - Using the EXT JS Date Picker Widget
    - Ajax Hack for Entering Information Without R...
    - EXT JS 2.1 Overview
    - Using the Style Object for Zebra Tables with...
    - Binary Searching
    - An Improved Approach to Building Zebra Tables
    - Assigning Background Colors Dynamically to Z...
    - Building Zebra Tables with CSS and JavaScript
    - JavaScript: Array Objects
    - A Closer Look at Smart Markers with Yahoo! M...
    - Using Polylines and Smart Markers with Yahoo...
    - Bulleted Menu of Links
    - Creating Click Loggers and Basic Markers wit...
    - Adding Pan Controls to Yahoo! Maps
    Find More JavaScript Articles






    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway