Menu
I'm developing website where user submit credentials using ajax,php and using POST method and i want to protect login credentials not in plain text but i don't want to use SSL can i secure password credentials without using SSL certificate ??
Can anyone give me working example of any method ?
927
You cannot completely secure the credentials without some out-of-channel verification (which SSL provides); a man in the middle attack will always be possible.
Put simply, there is no way for the client to be completely sure that they are talking to the server instead of a fake server inserted somewhere in between.
71
You can use a provider like OpenID who will handle the authentication for you. The provider uses SSL to verify the credentials and then you can validate it by using their API, so the user never actually sends credentials to your page.
Getting started with OpenID
36
maybe this helps you: Two-way password encryption without ssl
40
In short .. no.
You can try but I don't think there is a method I can imagine in javascript or any other in-browser way to secure your posted data.
The problem is in the encryption side, doing a good strong public-private crypto in javascript doesn't sound feasible to me.
I'm also kind of curious about the why part . .
. . still pondering on some possible method. . will update post if something pops up.
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
