Server Scrambler
maclema
Posted: Mon May 07, 2007 11:47 pm    Post subject: Server Scrambler

Site Admin

Joined: 07 May 2007
Posts: 29

Note: I have not tested any of this code; this is more to give a general idea of how to create a server scrambler. The next release will contain a tested ServerScrambler ActionScript class.

Java Class:

Code:
package com.maclema.mysql.scramblers;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Scrambler
{
   // Computes SHA1(password) XOR SHA1(seed + SHA1(SHA1(password))).
   // Must be public: the JSP that calls it is compiled into a different package.
   public static byte[] scrambleSeed(String password, String seed) throws NoSuchAlgorithmException
   {
      MessageDigest md = MessageDigest.getInstance("SHA-1");

      // Stage 1: SHA1(password)
      byte[] passwordHashStage1 = md.digest(password.getBytes());
      md.reset();

      // Stage 2: SHA1(SHA1(password))
      byte[] passwordHashStage2 = md.digest(passwordHashStage1);
      md.reset();

      // SHA1(seed + stage 2)
      byte[] seedAsBytes = seed.getBytes();
      md.update(seedAsBytes);
      md.update(passwordHashStage2);

      byte[] toBeXord = md.digest();

      int numToXor = toBeXord.length;

      // XOR with stage 1 to produce the scramble
      for (int i = 0; i < numToXor; i++) {
         toBeXord[i] = (byte) (toBeXord[i] ^ passwordHashStage1[i]);
      }

      return toBeXord;
   }
}



JSP File:

Code:
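<%@ page contentType="application/octet-stream" language="java" import="java.sql.*, java.security.NoSuchAlgorithmException, com.maclema.mysql.scramblers.*" %>
<%
   // The seed is the challenge sent by the MySQL server during the handshake.
   String seed = request.getParameter("seed");
   String password = "myDbPassword";

   if ( seed == null )
   {
      // No seed supplied: nothing to scramble.
      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
   }

   try
   {
      byte[] scrambled = Scrambler.scrambleSeed(password, seed);

      // Write the raw bytes; new String(scrambled) would corrupt the binary scramble.
      response.getOutputStream().write(scrambled);
   }
   catch ( NoSuchAlgorithmException nsae )
   {
      // SHA-1 is unavailable in this JVM: report the failure instead of an empty body.
      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
   }
%>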



AS Class:

Code:
package com.maclema.mysql.crypto
{
   import flash.net.URLVariables;
   import flash.net.URLRequest;
   import flash.net.URLRequestMethod;
   import flash.net.URLLoader;
   import flash.events.Event;
   import flash.net.URLLoaderDataFormat;
   import flash.utils.ByteArray;
   
   public class ServerScrambler extends MysqlScrambler
   {
      private var _scramble:ByteArray;

      public function ServerScrambler(password:String)
      {
         super();
      }
      
      override public function scrambleSeed(seed:String):void
      {
         var data:URLVariables = new URLVariables();
         data.seed = seed;
         
         var req:URLRequest = new URLRequest();
         req.data = data;
         req.method = URLRequestMethod.POST;
         req.url = "scrambler.jsp";
         
         var ldr:URLLoader = new URLLoader();
         ldr.dataFormat = URLLoaderDataFormat.BINARY;
         ldr.addEventListener(Event.COMPLETE, onScrambled);
         ldr.load(req);
      }
      
      private function onScrambled(e:Event):void
      {
         var ldr:URLLoader = URLLoader(e.target);
         
         _scramble = ldr.data;
         
         dispatchEvent(new Event("scrambled"));
      }
      
      override public function get scramble():ByteArray
      {
         return _scramble;
      }
   }
}
mooska
Posted: Tue May 08, 2007 12:00 am



Joined: 07 May 2007
Posts: 3

Isn't a server-side scrambler a bit ... useless?
If your code is open source anyway, anyone can create his own app, connect to the server side, scramble, and do anything with the MySQL server anyway?
Or does Java have any way to prevent this?

And if the scrambler responds too late, you won't connect :) Yeah, I'm whining.
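An added example (not maclema's code and not part of the thread) that pairs the scramble from the first post with the check a MySQL server performs on it, which is what the objection in the reply above turns on. The class name, password and seeds are constructed for illustration, and the password is encoded as UTF-8 where the original uses the platform default.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class ScrambleCheck
{
   static byte[] sha1(byte[]... parts) throws NoSuchAlgorithmException
   {
      MessageDigest md = MessageDigest.getInstance("SHA-1");
      for (byte[] p : parts) md.update(p);
      return md.digest();
   }

   // Client side: the same value Scrambler.scrambleSeed produces in the first post.
   static byte[] scramble(String password, byte[] seed) throws NoSuchAlgorithmException
   {
      byte[] stage1 = sha1(password.getBytes(StandardCharsets.UTF_8));
      byte[] token = sha1(seed, sha1(stage1));
      for (int i = 0; i < token.length; i++) token[i] ^= stage1[i];
      return token;
   }

   // Server side: holds only SHA1(SHA1(password)), never the password itself.
   static boolean verify(byte[] token, byte[] seed, byte[] storedStage2) throws NoSuchAlgorithmException
   {
      byte[] candidate = sha1(seed, storedStage2);
      if (token.length != candidate.length) return false;
      // XOR-ing the token back out must yield SHA1(password) ...
      for (int i = 0; i < candidate.length; i++) candidate[i] ^= token[i];
      // ... whose hash must equal the stored value.
      return MessageDigest.isEqual(sha1(candidate), storedStage2);
   }

   public static void main(String[] args) throws NoSuchAlgorithmException
   {
      String password = "example-password";                                       // constructed
      byte[] seedA = "constructed-seed-A-0".getBytes(StandardCharsets.US_ASCII);  // constructed
      byte[] seedB = "constructed-seed-B-0".getBytes(StandardCharsets.US_ASCII);  // constructed
      byte[] stored = sha1(sha1(password.getBytes(StandardCharsets.UTF_8)));

      byte[] token = scramble(password, seedA);
      System.out.println("token for seed A, checked with seed A: " + verify(token, seedA, stored));
      System.out.println("token for seed A, checked with seed B: " + verify(token, seedB, stored));
      System.out.println("wrong password, seed A: " + verify(scramble("wrong", seedA), seedA, stored));
   }
}
```

Only the first check succeeds: a token is tied to the seed of one handshake, so the scramble for a given seed is all the server asks for. The scrambler endpoint therefore needs the same access control as the password it hides.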
maclema
Posted: Tue May 08, 2007 12:14 am

Site Admin

Joined: 07 May 2007
Posts: 29

Everything you say is valid. I am just providing alternatives to developers. Honestly, it's up to the individual developer to decide on how to protect the password.
mooska
Posted: Tue May 08, 2007 12:19 am



Joined: 07 May 2007
Posts: 3

My way of doing this would be not playing with the client side, since it's no use. I would prefer to put some work into showing how it should be done with stored procedures.

What sniffer do you use? I've used Wireshark, but it does not support localhost.
maclema
Posted: Tue May 08, 2007 12:21 am

Site Admin

Joined: 07 May 2007
Posts: 29

I have not needed a sniffer yet so I don't have a preferred choice yet.
mooska
Posted: Tue May 08, 2007 12:28 am



Joined: 07 May 2007
Posts: 3

Hmm, so how did you manage to implement this? Just a plain copy from Java?
maclema
Posted: Tue May 08, 2007 12:33 am

Site Admin

Joined: 07 May 2007
Posts: 29

My initial project was somewhat a copy from Java but that did not work at all. So I resorted to the MySQL Client/Server Protocol documentation.

http://forge.mysql.com/wiki/MySQL_Internals_ClientServer_Protocol