How can we encrypted user credentials when they are transmitted with php? (in login forms)
Thanks
How can we encrypted user credentials when they are transmitted with php? (in login
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How can we encrypted user credentials when they are transmitted with php? (in login forms)
Thanks
“user credentials” are not just the username and password. A user credential is any data that is used for authentication. There is no point in using https for the login page if you just spill the session id a few milliseconds later by using http. The session id, is a credential and must be protected just like a username/password.
You must use https for the entire session. Spilling the session id over HTTP is a clear violation of The OWASP top 10: Broken Authentication and Session Management.