====== Ciform ======


===== Everyone can read your password ! =====

To understand what Ciform is made for, you first need to know one thing : when you submit a form on a website whose URL starts with "http" (not "https"), the data is sent over the Internet **in clear text** most of the time (if you know this already you can skip to the next paragraph).

That means that anybody "looking" at the data you send will see it in clear, including passwords ((Even if passwords are generally hidden on the screen, they are sent in clear text like any other field when the form is submitted)).

Let me explain : when you submit a form on the web, the data is sent from your machine to the website. But it does not go straight to it : it goes through a whole route of machines over the Internet until it reaches the server that corresponds to the web site you're surfing on. For instance, it could first go to your Internet access provider's gateway, then to the first router computer, then to another one, etc. up to the website's server.

It's [[http://www.google.fr/search?q=packet+sniffer|relatively easy]] to intercept the packets of data during this routing phase and read your data inside.

This is an important security issue of the Internet architecture, that is not always well understood by newcomers.

To remedy to this problem, the "https" protocol was invented : the data is then transmitted through a secure connection between your computer and the website, so nobody else can read it ((In fact, the data is still transmitted through the same route, but it is encrypted, making it impossible for others to read your data inside)).

However, https is still not so widely used, especially on free hosts, for different reasons (certificate cost, high processor and bandwidth consumption, ...).



===== What is Ciform ? =====

Ciform aims to be the "poor's replacement for https" : it encrypts web form fields before you submit them, so your data is not sent in clear text over the Internet.

To do that, it requires a Javascript-enabled web navigator, and a Ciform-enabled web site.

The first requirement simply involves that the users will use a recent version of a web navigator with Javascript enabled (see [[ciform:faq#supported_navigators|faq]]).\\
//For web admins : // the client-side part of Ciform (a Javascript library) will encrypt the fields given a set of options.

The second one means that the web site must integrate Ciform.\\
//For web admins : // the server-side part of Ciform provides a set of functions for integration with existing forms and decryption of the submitted data.


===== Where do I start ? =====

You could check [[Demo|the demos]] first, to see Ciform at work.

If you are a user seeking for privacy, you could ask the webmaster of the website(s) to add Ciform, or better : to provide https access.

If you are a webmaster / web developer, you could read [[Documentation|the documentation]] and [[Download|download the latest version]] of the libraries.