Re: How to use GET method to encrypted the password to transfer?
> I have no ideas to encrypt the user input password from the text
> box.....
>
To put it simply: you can't, unless you use a secure connection.
I mean, using JavaScript, you can, but that JavaScript has to run on the
client, making it possible to decrypt it again by just looking at the
source code.
You can install some compiled program (ActiveX control, for example) if
you are in an intranet situation.
For the public internet, get a secure (https) connection _before_ you
submit the login details. The secure connection then takes care of the
encryption details.
Re: How to use GET method to encrypted the password to transfer?
phforum wrote:
> I have no ideas to encrypt the user input password from the text
> box.....
Are you wanting to have it encrypted so it's safe during transfer over
the internet, or want it encrypted so you can store in a database? As
someone suggested, you need to get an SSL certificate and use https:// to
transfer it encrypted; they cost money. If you just want to encrypt the
password after your PHP script receives it then you can use $password =
md5($password); md5 encryption is irreversible.
>I have no ideas to encrypt the user input password from the text
>box.....
>
> Are you wanting to have it encrypted so it's safe during transfer over
> the internet, or want it encrypted so you can store in a database? As
> someone suggested, you need to get an SSL certificate and use https:// to
> transfer it encrypted; they cost money. If you just want to encrypt the
> password after your PHP script receives it then you can use $password =
> md5($password); md5 encryption is irreversible.
>
> Flamer.
>
Certificates cost money if you purchase them from a commercial & trusted
Certification Authority. There is no law against generating your own
certificate (you probably need to obtain OpenSSL if it isn't already
present on your system), nor does doing so make the encryption less
strong. Only a self-generated certificate will not be trusted by
everyone, as there is no independent party vouching for your certificate
identity. The added value of buying a license comes from the increased
trust you may get by others. For many uses you can do well without. If
my bank didn't have a properly third party signed certificate I would
become wary to use their https connection though....
md5 strictly speaking doesn't encrypt the password, it creates a hash
value. It IS true the hash value can NOT be used to compute a unique
password. (Theoretically there are several password strings that would
match the same md5 hash, but chances a randomly chosen password will
produce the hash you require are very slim.) Storing hashed values in a
db rather than plaintext is recommendable practice in any live environment.
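
The advice above to store hashes rather than plaintext, as an added example that is not part of the thread: the `md5()` call suggested earlier is unsalted and fast to compute, so this sketch checks a login against a legacy MD5 row and, on success, re-stores it with PHP's salted `password_hash()`. The helper name `verify_and_upgrade`, the in-memory `$db` array standing in for the database and the sample password are assumptions; it needs PHP 7 or later.

```php
<?php
// Added example. $db is a constructed in-memory stand-in for the users table;
// both rows hold md5() of the same constructed sample password.
$db = [
    'alice' => md5('correct horse'),
    'bob'   => md5('correct horse'),
];

// Unsalted MD5 maps equal passwords to equal hashes, so one recovered
// password exposes every account that shares it.
echo 'identical md5 rows: ', var_export($db['alice'] === $db['bob'], true), "\n";

// Hypothetical helper: check a login and, on success, replace a legacy MD5
// row with a salted, deliberately slow password_hash() value.
function verify_and_upgrade(array &$db, string $user, string $password): bool
{
    $stored = $db[$user] ?? null;
    if ($stored === null) {
        return false;
    }
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy row: 32 hex characters is the md5() output format.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $db[$user] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Algorithm or cost changed since this row was written.
        $db[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

echo 'wrong password accepted: ', var_export(verify_and_upgrade($db, 'alice', 'guess'), true), "\n";
echo 'alice logs in: ', var_export(verify_and_upgrade($db, 'alice', 'correct horse'), true), "\n";
echo 'bob logs in: ', var_export(verify_and_upgrade($db, 'bob', 'correct horse'), true), "\n";

// After the upgrade the two rows differ (per-hash random salt) and still verify.
echo 'identical upgraded rows: ', var_export($db['alice'] === $db['bob'], true), "\n";
echo 'alice verifies again: ', var_export(verify_and_upgrade($db, 'alice', 'correct horse'), true), "\n";
```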