Reputation: 5458
posting plain-text password, are there other options
Im dealing with legacy code here.
There's a HTML form with username/password inputs.
The form is then sent to the server (using SSL), and the password is compared to the database value.
Question: is there a way to "hide"(encrypt) the password while it is sent to the server?
Even if I'm storing the hashed-password and unique user-salt in the database,
the password is at risk while being sent by the user.
How do the professionals do it?
**EDIT: Im planning on storing the password as a hash, with a unique salt.
If anyone gets a hold of the password (if SSL is compromised) does that mean that a hacker can gain access without a problem?
Upvotes: 0
Views: 128
Answers (2)
Reputation: 3295
You may use some javascript program at client side to encrypt the password. But that requires the user to execute that script, which can be a problem:
- Some users cannot execute that script, because they access your page with a program that does not support javascript. An example could be a program that is intended to load the page and get some specific value out of it.
- Some users don't want to execute that script.
So, hiding the password while being sent to the server is not that easy.
Anyway, you mentioned that you send the data using an SSL-encrypted connection. That is the usual (and usually secure) approach for that situation. The disadvantage is that, if your SSL implementation has a flaw (eg. the Heartbleed bug), your passwords are usually broken, unless you do not use the server key for encrypting the connection data (this is called Perfect Forward Secrecy).
Regarding your database, you should never store plain-text passwords in it, unless you are required to do so without the possibility of changing that requirement. You always should store the salted password hashes.
Upvotes: 0
Reputation: 779
In a regular username/password login, the password is always sent to the server. Ideally, the server then hashes the password input and compares to the hash stored in the database - using a unique salt for every password. Like @Sneftel said, when you use SSL the passwords aren't being sent in plaintext.
Think about it; if only the password hash was sent to the server, and the server compares that to the hash in the database - how would that be any different from just storing the passwords in plaintext in the database? It would be enough for any attacker to get the hash in order to get entry into the system.
The security issue here would be that the password themselves are stored in plaintext in your database - that's not a good idea. There are a few tips here: http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/
Upvotes: 2
Related Questions
- Sending passwords to server in a secure way
- PHP - Is plain text http POST to external server secure?
- Is posting unencrypted passwords to an HTTPS server unsafe?
- SSL Alternative - encrypt password with JavaScript submit to PHP to decrypt
- Securely send a Plain Text password?
- send information secured over ssl using a php form POST function
- Hashing or use SSL to send username and password to external site
- SSL post in php
- POST data encryption - Is HTTPS enough?
- secure way to deliver password over URL?