Reputation: 2967
I wrote a simple demo HTML form (SSL enabled) to access some university services through it. It requires the user to log in with his university ID first.
My question is, how can I encrypt the login data even from me, the owner of this page? Is it possible? That way the user can confidently use this.
Upvotes: 2
Views: 365
Reputation: 100220
You could use HTTP Digest Authentication, which does challenge-response authentication and always sends the password hashed.
The problem with Digest is that the UI for it is ugly and logging out is left up to the browser (you can't have a reliable logout link).
Alternatively you could implement your own challenge-response mechanism in JavaScript, e.g. http://code.google.com/p/crypto-js/
but it's rather pointless, because the user doesn't have any guarantee that you're doing it, and that you won't replace the secure script with an insecure one in the future. As the site owner (or somebody that hacks your site) you could change the script and "steal" passwords at any time.
SSL is good. That's the best real security you can do client-side.
You can ensure that you're storing passwords securely on the server side — hash them with a slow hash such as bcrypt (not md5/sha1) and use a unique salt for every password.
Upvotes: 2
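The Digest exchange the answer refers to, as an added example that is not part of the question or the answer: the server stores only HA1 = MD5(user:realm:password) as RFC 2617 defines it, issues a fresh nonce per challenge, and checks the client's response without ever receiving the password itself. The realm, user name, URI and nonce values are constructed for the demo.

```python
# Added example (not from the original post): HTTP Digest Authentication
# as specified in RFC 2617 (the simple form without qop).  MD5 is used here
# because the protocol itself specifies it, not because it is a good choice.
import hashlib
import secrets

REALM = "university-demo"  # constructed realm name, assumption for the demo


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


# --- server side: what gets stored per user (never the password) ---
def make_ha1(username: str, password: str) -> str:
    """HA1 = MD5(username:realm:password); computed once at enrolment."""
    return md5_hex(f"{username}:{REALM}:{password}")


def new_nonce() -> str:
    """Fresh random nonce for each challenge; the server remembers what it issued."""
    return secrets.token_hex(16)


# --- client side: the browser's answer to the challenge ---
def digest_response(username: str, password: str, method: str, uri: str, nonce: str) -> str:
    """response = MD5(HA1:nonce:HA2) with HA2 = MD5(method:uri)."""
    ha1 = make_ha1(username, password)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


# --- server side: verify using the stored HA1 only ---
def verify_response(stored_ha1: str, method: str, uri: str, nonce: str, response: str) -> bool:
    """Recompute the expected response from HA1 and compare in constant time."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{ha2}")
    return secrets.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed walk-through of one challenge/response round trip.
    stored = make_ha1("u1234567", "correct horse")      # kept in the user table
    nonce = new_nonce()                                  # sent in WWW-Authenticate
    resp = digest_response("u1234567", "correct horse", "GET", "/grades", nonce)
    print("valid login:", verify_response(stored, "GET", "/grades", nonce, resp))
    bad = digest_response("u1234567", "wrong", "GET", "/grades", nonce)
    print("wrong password:", verify_response(stored, "GET", "/grades", nonce, bad))
```

Note what the server holds: HA1 is a single unsalted MD5 over user, realm and password, which is all the protocol allows, so a leaked user table is still attackable by guessing. That is the gap the answer's last paragraph about bcrypt addresses for form-based logins, where the server is free to choose the storage format.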