How to encrypt form data?

I have a login form that will submit id and password to a PHP file which will then check that id and pw against data in an SQL database. How can I encrypt the outgoing form data to make sure nobody can see it until it gets to its destination? The login form code is:

<html>
<head>
<title>
Login page
</title>
</head>
<body>
<form name="login" action="fetchalldata.php" method="post">
Username : <input type="text" name="userid"/>
Password : <input type="password" name="pswrd"/>
<input type="submit" name="submit" value="Login"/>
</form>
</body>
</html>

Would prehashing the password on the database and sending a hashed password be more effective?

lonewaft asked Sep 06 '12 00:09
1 Answer

SSL is the answer. The only answer.

However, if you must try to go with a home brew solution, here is an idea to consider:

  • Have the PHP code provide Javascript with the current time stamp.
  • You take the password the user enters, append the time stamp, then encrypt it.
  • Pass back the encrypted password to the server with the time stamp.
  • Have the server make sure that the returned data is recent, let it check the encrypted password against its own math.
  • If the time stamp is too old or has been used to log in already, reject it.

This is still a lousy idea, but it isn't as lousy as sending plain text passwords.

Use SSL. Really.

Jeremy J Starcher answered Sep 28 '22 01:09

Jeremy J Starcher
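
The server-side half of the timestamp scheme described in the answer above, as an added example that is not part of the original answer. It assumes HMAC-SHA256 keyed with the password as the "math" (the answer only says "encrypt"), a 30-second freshness window and an in-memory replay cache; `computeResponse` and `verifyLogin` are hypothetical names.

```javascript
// Added example: server-side check for the timestamp scheme from the answer.
const crypto = require('node:crypto');

const MAX_AGE_MS = 30_000;       // assumed freshness window
const usedLogins = new Map();    // assumed in-memory replay cache: "user:timestamp" -> timestamp

// "Its own math" (assumption): HMAC-SHA256 over the timestamp, keyed with the
// password. The browser computes the same value before submitting the form.
function computeResponse(password, timestamp) {
  return crypto.createHmac('sha256', password)
    .update(String(timestamp))
    .digest('hex');
}

// Returns 'accepted' or a rejection reason. `now` is injectable for testing.
function verifyLogin(userid, storedPassword, timestamp, response, now = Date.now()) {
  if (!Number.isSafeInteger(timestamp)) return 'rejected: malformed';

  // The returned data must be recent (and not dated in the future).
  if (timestamp > now || now - timestamp > MAX_AGE_MS) return 'rejected: stale';

  // A timestamp that has already logged this user in is a replay.
  const key = `${userid}:${timestamp}`;
  if (usedLogins.has(key)) return 'rejected: replay';

  // Recompute and compare in constant time; bad hex decodes to a short buffer.
  const expected = Buffer.from(computeResponse(storedPassword, timestamp), 'hex');
  const given = Buffer.from(String(response), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'rejected: bad response';
  }

  // Entries older than the window can never pass the freshness check: prune them.
  for (const [k, ts] of usedLogins) if (now - ts > MAX_AGE_MS) usedLogins.delete(k);
  usedLogins.set(key, timestamp);
  return 'accepted';
}
```

Recomputing the response requires the server to hold the password or an equivalent secret, and the page's JavaScript can still be altered in transit, which is why the answer insists on SSL.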