encrypted password

[kazilian]

hhmm...not sure if this is possible, but i'll give it a shot. i want to encrypt the password from the html/php form to the webserver. i don't want someone to see the password in plain text from the end user to the server over the network if they were using a network sniffer. i'm using sessions to do my log-ins on an apache linux server. thx in advance.

kazilian
Protector of Wazil

 

[danomac]

Hmmm, I don't think that is possible. PHP is server-side processing. The transport used to send from client->server is http, and of course it isn't encrypted.

One thing you can do is set up SSL (which means you will need to get a certificate, etc.)

Then when you go to your https:// site, the data will be encrypted from the client to the server.

If I'm wrong someone kindly correct me.

D

 

[Westbury]

Depending on how secure you need this to be, you could use javascript to do some basic encryption before sending it to the server.

 

[kazilian]

kewl beans. thx a bunch. however, if danomac is wrong, i would like to hear the correct answer. but i believe you danomac what you mentioned did make sense. thx again.

kazilian
Protector of Wazil

 

[kazilian]

got any code samples or a link i can check out Westbury?

kazilian
Protector of Wazil

 

[danomac]

Well, you could look into client-side scripting like Java. I didn't even think of that.

D

 

[Westbury]

Check this thread in the Javascript forum on this site: thread216-256612

 

[sleipnir214]

If you're using Apache, I recommend implementing HTTPS using a self-signed certificate. Browsers will complain about not being able to verify the signature on the key, but the encryption is as strong as any HTTPS connection.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[danomac]

sleipnir: good point

But you can install a trusted certificate on the client's machine.

D