For now, I am just getting this logged somewhere I can find it later:
Code:
<script>
var el = document.createElement( “script” );
el.setAttribute( “type”, “text/javascript” );
el.setAttribute( “src”, “time.php?rand=”+bigRandomString);
document.getElementsByTagName( “head” )[ 0 ].appendChild( el );
function receiveTime(minLeft)
{
// Do whatever
}
</script>
time.php:
<?php
$minleft = “whatever”;
print “receiveTime($minleft);”
exit;
?>
Imagine you have a text box, like this:
Name: [ ]
Email: [ ]
You want them to be text boxes that the user can type in, but you also have some default choices to give. For example, I may have an address book in a database and may want to provide an autocomplete function on these fields.
So, I wrote a generic javascript package to be able to do this. I call it, “dropbox”. It allows you to turn any text input element into a text/dropbox element. You just define an array of choices to be displayed. It will show the whole list, onfocus, if the field is empty, but will reduce it’s selection set as the user types. In other words, it acts as an autocomplete selection drop down.
PostPosted: Wed Aug 24, 2005 12:18 am Post subject: Reply with quote
We store our passwords in an md5 style password hash that the PHP crypt function provides. It takes a 13 character salt.
My friend and co-worker brought up a good discussion with me. The discussion was what if the database was to be compromised. Could the passwords be cracked? The answer: yes, a dictionary/brute force cracker, like John the Ripper, could be used to crack as many passwords as possible. In a database with over 1 million passwords, a percentage of them are crackable, probably a large percent.
So, the idea of using a different algorithm to store passwords came up. What if we used:
The way Apache works, this cannot be done. Let me explain why:
Consider this request header for https://www.modphp.org/: