[thelist] possible jscript/php/frames question!!

[Ken Schaefer]

What exactly are you trying to accomplish through the use of encryption?

Encryption requires the use of key(s). In the case of symmetric encryption,
the same keys are used at either end. In the case of asymmetric encryption,
you have a private/public key pair.

This issue with encryption is key management - how do you get the key to the
client securely so that the client can encrypt the transmission? How can you
stop a man-in-the-middle, or the end user, from discovering/subverting the
key?

Again, I ask you - what are you trying to accomplish? When considering
security measures, the first thing that needs to be considered is the actual
risk you are attempting to mitigate, and then to employ a mechanism that
mitigates that risk. Lots of people like to use "encryption" (replace with
whatever technology you want to use) without understanding what such a use
actually protects you against, and thus end up with a false sense of security
(and an easily subverted application).

And you can take the sarcastic attitude elsewhere if you want good technical
assistance with what is ultimately your problem, and no one else's. Yes, SSL
does require the use of certificates, but that's what's used to get around
the key management issues inherent in encrypting data.

Cheers
Ken


: -----Original Message-----
: From: bruce [mailto:bedouglas at earthlink.net]
: Sent: Sunday, 19 June 2005 4:31 PM
: To: thelist at lists.evolt.org; Ken Schaefer
: Subject: RE: [thelist] possible jscript/php/frames question!!
: 
: you do??!!!
: 
: you mean you have something called ssl... i can barely spell ssl!!
: 
: my, lawdy, do tell!!
: 
: sorry for the sarcasm! ssl is ok, but i want something that i control...
: ssl requires (if done correctly) the need for security certificates, and
: other issues.
: 
: i want something that i would be in control of.
: 
: but thanks for looking out for us unknowing tech folk. so tell me, just
: how do i use this thing that has buttons on it and makes this thing on the
: screen go all over the place!!!
: 
: just kidding!!!
: 
: but the encryption is important, which is why i've started to think that
: flash might be worth exploring...
: 
: -bruce
: 
: 
: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
: [mailto:thelist-bounces at lists.evolt.org]On Behalf Of Ken Schaefer
: Sent: Saturday, June 18, 2005 8:43 PM
: To: thelist at lists.evolt.org
: Subject: RE: [thelist] possible jscript/php/frames question!!
: 
: 
: What is the purpose of "encrypting" the co-ordinates? If it's to stop
: someone
: between the client and the server from seeing and/or intercepting the
: data,
: then we have something called "SSL" which is eminently suited to this
: task.
: 
: Cheers
: Ken
: 
: : -----Original Message-----
: : From: thelist-bounces at lists.evolt.org [mailto:thelist-
: : bounces at lists.evolt.org] On Behalf Of bruce
: : Sent: Sunday, 19 June 2005 7:39 AM
: : To: 'Maximillian Schwanekamp'
: : Cc: thelist at lists.evolt.org
: : Subject: RE: [thelist] possible jscript/php/frames question!!
: :
: : max...
: :
: : btw, i finally was able to check out your app, while you're not able to
: : see
: : the 'query/post' information on the url browser window, it can be seen
: via
: : a
: : plugin/sniffer.
: :
: : i suspect that your thought regarding flash is probably the way to go...
: : so,
: : now i need a flash guru!!!
: :
: : if flash would take care of the mouse clicks/capturing the mouse clicks
: : and
: : encrypting them prior to the coordinates being sent back to the server,
: : this
: : would solve the mouse/location issue...
: :
: :
: : -bruce
: :
: :
: : -----Original Message-----
: : From: Maximillian Schwanekamp [mailto:lists at neptunewebworks.com]
: : Sent: Saturday, June 18, 2005 12:50 PM
: : To: bedouglas at earthlink.net
: : Cc: thelist at lists.evolt.org
: : Subject: Re: [thelist] possible jscript/php/frames question!!
: :
: :
: : bruce wrote:
: : > i checked out your sample app... it might work...
: : >
: : > i could create a separate/2nd page and do the post to that page, and
: : store
: : > the x/y coordinates in a session array... on the 2nd page, i could
: also
: : > encrypt the information before i store it, i could then display the
: : array
: : on
: : > the 1st page, much like what you do....
: : >
: : > questions:
: : >  -could i access the POST information as $submit_x/$submit_y, and why?
: : what
: : > in PHP gives me these variables? you do an extract. is that a PHP
: : function,
: : > or one of your own creation?
: :
: : PHP function. Mainly useful when you're putting array values into a
: : string.
: : http://us2.php.net/extract
: :
: : > -does this test app give different results if the user is scrolling?
: : does
: : > the test work on all browsers? a quick test seems to indicate that
: : scrolling
: : > doesn't affect the results, and a test on IE/Firefox seems to give
: : similar
: : > results...
: :
: : No. This is pretty basic HTML stuff.  The x/y bit is in the spec.  See
: : "image" type at:
: : http://www.w3.org/TR/html401/interact/forms.html#input-control-types
: :
: : > so, if the questions/issues i raised are positive, then my next issue
: is
: : to
: : > determine how to go about creating a process to build image
: maps(images)
: : > comprised of the random shapes that i initially discussed....
: :
: : Random shapes?  I don't recall you mentioning that earlier in the
: : thread.  If you need to generate shapes on the fly, you'll need image
: : generation, which is usually non-trivial.
: : http://us2.php.net/manual/en/ref.image.php
: :
: : You might check out one of the image classes at phpclasses.org.  I
: : believe there are a few classes to make generating shapes a simple
: : matter.  You could then send an image map to match the points you used
: : to create the shape.
: :
: : > if this is reasonably doable, this should give me the ability to
: create
: : an
: : > image comprised of random shapes... have the user select the items in
: : the
: : > image, with me storing the (x.y) coordinate locations, being able to
: : encrypt
: : > them, and then sending the information/array back to the server...
: :
: : If you're creating random images on the fly, and need the user to be
: : able to click multiple points, and then take all that info and post it
: : somewhere, you should probably go to Flash instead.  What you're
: : decribing sounds a lot like a real basic Flash game (something like
: : "shoot the woozle").  You could still collect the info and send it to a
: : php script for processing.
: :
: : It would help to have some idea of what you're trying to accomplish.
: : Can you give us some more info?
: 
: --
: 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
: 
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !