DokuWiki

It's better when it's simple

User Tools

Site Tools

Trace:
plugin:securelogin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
plugin:securelogin [2018-02-17 11:28] mattfiddlesplugin:securelogin [2018-05-28 21:45] – [Download and Installation] Klap-in
Line 33: Line 33:
 ===== Download and Installation ===== ===== Download and Installation =====
  
-  - Download and install the plugin using the [[plugin:plugin|Plugin Manager]]. You can search for "securelogin" within the Plugin Manager, or use the download link given above. For manual installation, please refer to [[:Plugins]].+  - Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually. For manual installation, please refer to [[:Plugins]].
   - Go the admin pages and select //securelogin//. Then click on the ''generate-new-key'' button.   - Go the admin pages and select //securelogin//. Then click on the ''generate-new-key'' button.
   - You're done. From then on, all passwords are encrypted before being sent.   - You're done. From then on, all passwords are encrypted before being sent.
Line 61: Line 61:
 </code> </code>
  
-The javascript on the page takes the form's password variable `p=MySecretPa$$word` and encrypts as the variable `securelogin`, using the provided salt. It also replaces `p`'s value with stars so it can't submit the password in the clear. +The javascript on the page takes the form's password variable `p=MySecretPa$$word`encrypts it with the provided salt (changed on every page load), and sets the result as `securelogin`. It also replaces `p`'s value with stars so it can't submit the password in the clear. 
  
 When the server receives the data, it sees that `use_securelogin` is set to `1` (true), so it knows the password was encrypted. It will decrypt the `securelogin` variable and separate it from the salt value. From this it gets the `p=MySecretPa$$word` value, which it sets so the Dokuwiki authentication routines have it. Dokuwiki can then compare the passwords like it normally does. When the server receives the data, it sees that `use_securelogin` is set to `1` (true), so it knows the password was encrypted. It will decrypt the `securelogin` variable and separate it from the salt value. From this it gets the `p=MySecretPa$$word` value, which it sets so the Dokuwiki authentication routines have it. Dokuwiki can then compare the passwords like it normally does.
  
-This same process happens during the add user, modify user, and edit profile options. This is what will be seen if someone views a user changing their password:+This same process happens during the add user, modify user, and edit profile options. This is what will be seen if someone views a user changing their password (with this plugin active):
  
 <code> <code>
plugin/securelogin.txt · Last modified: 2023-10-30 23:29 by Klap-in
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

Global DokuWiki Links