I have a web application (Java) that I am trying to launch. The user needs to log in to the system to use the features. So there are two parts to this application:
1) User Registration
2) Login
My concern is how secure is my method of transferring username/password data from the web browser to the server.
I am very lost on this one as I am not really sure how to securely send data from the web browser to the server.
I have the following setup:
<< Client >> ------------------------------------------------------<< Server >>
[Request a token] ------------------------------------------------------------->>
<<--------------[Sends a randomly generated token from the session ID]
[Client Computes hashedSecret = SHA1(token + SHA1(password))]
[Send Array:[username, hashedSecret]]----------------------------------->>
[Server queries SHA1(password) for username from the database]
[Server computes expectedSecret = SHA1(token + SHA1(password))]
[Server compares hashedSecret with expectedSecret]
What I would like to know is how to securely register users and if my login is secure enough.
Thanks
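The exchange in the diagram above, written out as an added Python example (not code from the question or from the asker's application). It assumes the server issues its token with `secrets.token_hex` rather than deriving it from the session ID, and the user record is a constructed sample holding the unsalted hex SHA1(password) exactly as the post's server does. The `response_from_stored_hash` helper is added to make one property of the scheme visible: because the client only ever hashes `token + SHA1(password)`, the stored hash is a password-equivalent, so a database leak is as serious as a plaintext-password leak, and the whole exchange still travels unencrypted unless TLS is added.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample user store: username -> hex SHA1(password), stored
# unsalted, which is how the post describes the server side.
USER_DB = {"alice": hashlib.sha1(b"correct horse").hexdigest()}


def sha1_hex(data: str) -> str:
    """Hex SHA-1 of a UTF-8 string; the hash the post uses on both sides."""
    return hashlib.sha1(data.encode("utf-8")).hexdigest()


def server_issue_token() -> str:
    """Step 1: the server hands the client a fresh random challenge token.
    (Assumption: a CSPRNG token, not one derived from the session ID.)"""
    return secrets.token_hex(16)


def client_response(token: str, password: str) -> str:
    """Step 2: the client computes hashedSecret = SHA1(token + SHA1(password))."""
    return sha1_hex(token + sha1_hex(password))


def response_from_stored_hash(token: str, sha1_password: str) -> str:
    """The same computation started from SHA1(password) instead of the
    password itself. It yields an identical hashedSecret, which is why the
    stored hash must be protected like the password it stands in for."""
    return sha1_hex(token + sha1_password)


def server_verify(username: str, token: str, hashed_secret: str) -> bool:
    """Step 3: the server recomputes expectedSecret from the stored hash and
    compares it to hashedSecret in constant time."""
    stored = USER_DB.get(username)
    if stored is None:
        return False
    expected = sha1_hex(token + stored)
    return hmac.compare_digest(expected, hashed_secret)


def run_login(username: str, password: str, token: Optional[str] = None) -> bool:
    """Drive the full exchange; a fixed token may be supplied for testing."""
    token = token or server_issue_token()
    return server_verify(username, token, client_response(token, password))


if __name__ == "__main__":
    print("valid login:", run_login("alice", "correct horse"))
    print("wrong password:", run_login("alice", "wrong"))
```

Running it shows the challenge-response itself works as the diagram says; the token only prevents a captured `hashedSecret` from being replayed against a later token. It does nothing to protect the registration step, where the password has to reach the server in the clear so that `SHA1(password)` can be stored, which is the part TLS covers.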
It seems … overly complex. Just use SSL, it is the industry standard and good enough for banks.