Do anybody know id there is a way to encrypt username and password when login into the system?
We use http and would like to avoid sending credentils in plain text.
Thank you in advance.
I think that you need to prepare custom solution.
One of the possibility i to encrypt user and password on client side. You need to generate the key on the server and store it in session. Then pass the public key to client side. On the client side when authenticating user encrypt credentials using public key.
Here is an example of implementation: Secure AJAX Authentication without SSL
No matter how you encrypt your data, it's just not safe if you use http. https is now cheap - both in term of certificate and processing power. Use it for your sensitive data, if not every where.
I would personally strongly advise against any kind of non-https solution, and I believe any security experts would do same, too.
Thank you guys for your responces.
I'm with you that it's better to use https in such case.