How to encrypt form data?

Solution 1

SSL is the answer. The only answer.

However, if you must try to go with a home-brew solution, here is an idea to consider:

  • Have the PHP code provide JavaScript with the current time stamp.
  • You take the password the user enters, append the time stamp, then encrypt it.
  • Pass back the encrypted password to the server with the time stamp.
  • Have the server make sure that the returned data is recent, and let it check the encrypted password against its own math.
  • If the time stamp is too old or has already been used to log in, reject it.

This is still a lousy idea, but it isn't as lousy as sending plain text passwords.

Use SSL. Really.
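
The server-side check from the steps in Solution 1, as an added example that is not part of the original answer. It uses HMAC-SHA-256 for the "encrypt" step; the function names, the 30-second window and the sample values are assumptions.

```javascript
// Added example: the timestamp scheme's server check, with HMAC-SHA-256
// standing in for the answer's "encrypt" step (an assumption).
const crypto = require("crypto");

const MAX_AGE_MS = 30_000;          // assumed freshness window
const usedChallenges = new Set();   // "user|timestamp" pairs already accepted

// What the browser would compute from the typed password and the timestamp.
function clientResponse(password, timestamp) {
  return crypto.createHmac("sha256", password).update(String(timestamp)).digest("hex");
}

// Server check: fresh, never used before, and matching the server's own math.
// storedSecret must be password-equivalent, which is one reason the scheme is weak.
function verifyLogin(user, storedSecret, timestamp, response, now = Date.now()) {
  if (!Number.isSafeInteger(timestamp)) return "bad-timestamp";
  // Reject timestamps from the future as well as ones that are too old.
  if (timestamp > now || now - timestamp > MAX_AGE_MS) return "stale";
  const key = `${user}|${timestamp}`;
  if (usedChallenges.has(key)) return "replayed";

  const expected = Buffer.from(clientResponse(storedSecret, timestamp), "hex");
  const given = Buffer.from(String(response), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return "mismatch";
  }
  usedChallenges.add(key);  // burn the timestamp once it has logged someone in
  return "ok";
}

// Constructed sample values, for demonstration only.
function demo() {
  const t0 = 1_700_000_000_000;
  const captured = clientResponse("correct horse", t0);
  return [
    verifyLogin("alice", "correct horse", t0, captured, t0 + 1_000),   // first use
    verifyLogin("alice", "correct horse", t0, captured, t0 + 2_000),   // same pair again
    verifyLogin("alice", "correct horse", t0, captured, t0 + 60_000),  // outside window
    verifyLogin("alice", "correct horse", t0 + 5, clientResponse("guess", t0 + 5), t0 + 10),
  ];
}
console.log(demo());
```

Anyone who records one timestamp and response pair can still test password guesses against it offline, which the freshness and replay checks do nothing to prevent.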

Solution 2

Using a secure SSL connection is the only real way to ensure the form data is encrypted. However you could use a bit of JavaScript to encode the password in some way before sending. It won't provide much security (since anyone who can view your site can see the JavaScript and reverse-engineer it) but it does at least avoid sending plain-text passwords around.

Author: lonewaft

Updated on June 26, 2022

Comments

  • lonewaft
    lonewaft almost 2 years

    I have a login form that will submit an ID and password to a PHP file, which will then check that ID and password against data in an SQL database. How can I encrypt the outgoing form data to make sure nobody can see it until it gets to its destination? The login form code is:

    <html>
    <head>
    <title>
    Login page
    </title>
    </head>
    <body>
    <form name="login" action="fetchalldata.php" method="post">
    Username : <input type="text" name="userid"/>
    Password : <input type="password" name="pswrd"/>
    <!-- type="submit" so that the button actually posts the form -->
    <input type="submit" name="submit" value="Login"/>
    </form>
    </body>
    </html>

    Would prehashing the password on the database and sending a hashed password be more effective?

  • Admin
    Admin over 11 years
    More importantly, if a user of your site is being MITMed, the attacker can easily disable whatever script is performing the encryption, or modify it to send them a copy of the clear text. Javascript encryption over HTTP is fundamentally unreliable.
  • The Alpha
    The Alpha over 11 years
    @duskwuff, he mentioned it here: "It won't provide much security (since anyone who can view your site can see the JavaScript and reverse-engineer it) but it does at least avoid sending plain-text passwords around."
  • PeeHaa
    PeeHaa over 11 years
    I think you forgot to mention that OP really should use SSL. :)
  • Jeremy J Starcher
    Jeremy J Starcher over 11 years
    @PeeHaa -- Oh.. sorry. I'll have to fix that. Thanks for the heads up.