LogOn security


Hi all,

Does anybody know if there is a way to encrypt the username and password when logging into the system?

We use http and would like to avoid sending credentials in plain text.

Thank you in advance.

#136599
Sep 17, 2015 9:22

Hi,

I think that you need to prepare a custom solution.

One of the possibilities is to encrypt the user and password on the client side. You need to generate the key on the server and store it in the session. Then pass the public key to the client side. On the client side, when authenticating the user, encrypt the credentials using the public key.

Here is an example of an implementation: Secure AJAX Authentication without SSL

#136616
Sep 17, 2015 10:14

Hi,

No matter how you encrypt your data, it's just not safe if you use http. https is now cheap - both in terms of certificate and processing power. Use it for your sensitive data, if not everywhere.

I would personally strongly advise against any kind of non-https solution, and I believe any security expert would do the same, too.

/Q

#136742
Sep 17, 2015 15:14
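
The scheme from the second reply and the objection in the third, as an added example that is not part of the original thread: a Node.js in-process simulation (function names and credentials are constructed for illustration) of the per-session public-key login. It shows that the server recovers the credentials when its own key reaches the client, and that over plain HTTP the client has no way to tell that key from one replaced in transit, which is the check TLS certificate validation provides.

```javascript
// Added example: in-process simulation only, every value here is constructed.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side: one RSA key pair per session; the private key never leaves the session.
function newSession() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Client side: encrypt the login form with whatever public key the page delivered.
// The client has nothing to verify that key against when the page came over HTTP.
function clientEncrypt(publicPem, username, password) {
  const body = Buffer.from(JSON.stringify({ username, password }));
  return crypto.publicEncrypt({ key: publicPem, ...OAEP }, body).toString('base64');
}

// Whoever holds the matching private key recovers the form; null if it does not match.
function decrypt(privateKey, b64) {
  try {
    const plain = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(b64, 'base64'));
    return JSON.parse(plain.toString());
  } catch {
    return null;
  }
}

// Case 1: the server's key reaches the client unchanged.
function untamperedCase() {
  const server = newSession();
  const wire = clientEncrypt(server.publicPem, 'alice', 'constructed-pw');
  return { serverGets: decrypt(server.privateKey, wire) };
}

// Case 2: the key in the HTTP response was replaced before it reached the client.
// The client code path is identical; only the holder of the other key can decrypt.
function substitutedKeyCase() {
  const server = newSession();
  const other = newSession(); // key pair that does not belong to the server
  const wire = clientEncrypt(other.publicPem, 'alice', 'constructed-pw');
  return {
    serverGets: decrypt(server.privateKey, wire),
    otherGets: decrypt(other.privateKey, wire),
  };
}
```
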

Thank you guys for your responses.

I'm with you that it's better to use https in such a case.

#136750
Sep 17, 2015 17:41