how can i implement a secure transfer from login form on client to server in php?
i mean coding password and user ,something except using https.
how can i implement a secure transfer from login form on client to server
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
how can i implement a secure transfer from login form on client to server in php?
i mean coding password and user ,something except using https.
HTTP Digest authentication can work without requiring SSL.
But it has the same problems as other HTTP authentication. E.g. there’s no logout function, you can’t control the look & feel of the login UI, no integration between login credentials and your application-specific user account data, etc.
I agree with @Charles — just use HTTPS when sending sensitive data.
Re your comment:
At the start of your login.php script, check if the request is https and if not then redirect to the correct url.
Alternatively you could use an Apache rewrite rule:
Also, remember that you don’t care if the client read the page with the login form with plain http. You care if the client submits the form insecurely, because that’s the request that contains the user’s password. So the above advice applies if login.php is the script that processes the login form.