
Ajax Login: Password Encryption [closed]

I am using jQuery Ajax to log in a user. Right now, I use JS to grab the values from the username and password textboxes and send them to an aspx page which checks the credentials. It then returns JSON letting the user know if they are logged in or not. Everything works well, but I noticed while using Firebug that the password was being sent in plain text.

What is the best way to encrypt the password? (BTW, I am not on a HTTPS server)

ScubaSteve asked Jun 07 '11 17:06


1 Answer

Bcrypt could be your friend. And there is also an implementation in JavaScript named jsBCrypt. I highly recommend reading this insightful article: Storing passwords in uncrackable form.

But: Be careful! If you do not use SSL or a server-provided nonce, you may be vulnerable to man-in-the-middle attacks. If someone reads the (unencrypted) traffic between your client and the server, he gets the encrypted password. And it is enough for him to use it to authenticate against the server whenever he wants without knowing the real password.

webwurst answered Sep 27 '22 02:09
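The replay problem described in the answer above, as an added example that is not part of the original post: a server that accepts a static client-side hash beside one that issues a single-use nonce. It assumes Node.js; scrypt from Node's `crypto` module stands in for the bcrypt hash, and the `Server` class, account and salt are constructed for illustration.

```javascript
const crypto = require('crypto');

// Stand-in for the client-side bcrypt hash (assumption: scrypt with a fixed
// per-user salt, so the client and the server derive the same value).
function clientHash(password, salt) {
  return crypto.scryptSync(password, salt, 32).toString('hex');
}
function hmacHex(keyHex, nonce) {
  return crypto.createHmac('sha256', Buffer.from(keyHex, 'hex')).update(nonce).digest('hex');
}
function safeEqual(aHex, bHex) {
  const a = Buffer.from(aHex, 'hex'), b = Buffer.from(bHex, 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Hypothetical server holding one constructed account.
class Server {
  constructor(user, password, salt) {
    this.users = new Map([[user, clientHash(password, salt)]]);
    this.pending = new Map(); // nonce -> user, each nonce usable once
  }
  loginStatic(user, hashHex) { // scheme 1: the hash itself is the credential
    const stored = this.users.get(user);
    return stored !== undefined && safeEqual(stored, hashHex);
  }
  challenge(user) { // scheme 2, step 1: server-provided nonce
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, user);
    return nonce;
  }
  loginNonce(user, nonce, responseHex) { // step 2: check HMAC(hash, nonce)
    if (this.pending.get(nonce) !== user) return false;
    this.pending.delete(nonce); // invalidate before verifying
    const stored = this.users.get(user);
    return stored !== undefined && safeEqual(hmacHex(stored, nonce), responseHex);
  }
}

function demo() {
  const server = new Server('alice', 'correct horse', 'constructed-salt');
  const h = clientHash('correct horse', 'constructed-salt'); // on the wire in scheme 1
  const n1 = server.challenge('alice');
  const r1 = hmacHex(h, n1); // on the wire in scheme 2
  return {
    staticReplay: server.loginStatic('alice', h), // captured hash resent
    nonceLogin: server.loginNonce('alice', n1, r1),
    sameNonceReplay: server.loginNonce('alice', n1, r1),
    newNonceReplay: server.loginNonce('alice', server.challenge('alice'), r1),
  };
}
```

The nonce only stops replay of captured traffic: the value stored on the server is still password-equivalent, and without TLS anyone able to modify the page in transit can read the password as it is typed.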