Does someone have an example and how is it secure to adopt this method?
If you're not using SSL, then you're not secure, but that's not the only reason.
SSL protects the actual communication, whereas encryption protects the data you are communicating. You should not even be encrypting the passwords at all. You should be making a hardened hash of the information. A hash is a one-way function (cannot be reversed), whereas encryption is a two-way function (can be reversed). Hash hardening and use includes: SHA512 a couple of thousand times, or using something like BCrypt.

You have to remember that security is built in layers. By skipping SSL, you're skipping a large portion of it. At the very least you can use makecert to create a self-signed certificate. All that will happen is that the user will be warned about it. A good SSL certificate can cost as little as $12.99 on GoDaddy. I recommend getting one as well as implementing the above.
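The hashing side of the answer above, as an added example that is not part of the original post or any answer: a salted, iterated SHA-512 ("a couple of thousand times") next to the standard PBKDF2-HMAC-SHA512 construction from Python's standard library, with a stored record format and a constant-time verify. The iteration count, salt length and the `pbkdf2_sha512$...` record layout are assumptions chosen for the example, not values from the page.

```python
import hashlib
import hmac
import os

# Constructed parameters for this example (not from the original answer).
ITERATIONS = 4000   # "a couple of thousand" rounds; raise it as hardware allows
SALT_BYTES = 16     # per-user random salt, so equal passwords get different hashes


def stretched_sha512(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Hand-rolled stretching as the answer describes: salt + SHA-512, repeated.

    Each round feeds the salt and the previous digest back into SHA-512, so an
    attacker must pay the same number of rounds for every guess.
    """
    digest = salt + password.encode("utf-8")
    for _ in range(iterations):
        digest = hashlib.sha512(salt + digest).digest()
    return digest


def pbkdf2_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The standardised version of the same idea: PBKDF2 with HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Produce the string to store for a user: scheme$iterations$salt$hash (hex).

    The salt and iteration count are stored alongside the hash so they can be
    read back at verification time and raised for new users later on.
    """
    salt = os.urandom(SALT_BYTES)
    digest = pbkdf2_hash(password, salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${digest.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha512":
        return False
    computed = pbkdf2_hash(password, bytes.fromhex(salt_hex), int(iterations))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(computed, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    stored = make_record("correct horse battery staple")
    print(stored)
    print("good password:", verify_record("correct horse battery staple", stored))
    print("bad password: ", verify_record("wrong guess", stored))
```

Note that none of this replaces SSL: the hash only protects the stored copy of the password once it has arrived at the server. Whatever the client sends over a plain HTTP connection, hash or password, can still be captured in transit and replayed.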
You can do SSL without paying for a certificate, and this method still gets you a secure connection; only the browser will report that your certificate is not qualified.

Read about this: http://www.akadia.com/services/ssh_test_certificate.html
It's probably not secure at all. SSL really is the way to go; if you can't afford a certificate, you can always make your own. Obviously those won't validate up to one of the trusted root authorities, but they are just as secure - the identity of your website will not be confirmed by a trusted third party, but the connection itself will be just as securely encrypted.