Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am new in SSL, whatever i read and know that its paid digital certificate and after using SSL in website https:// the data transfer is secure at network layer.
In my application i don’t have much security concern except loginname and password.
Is there any way to protect Loginname and password without using SSL https://
There are a number of authentication schemes which can work securely over plain HTTP. The most common of these is Digest, which is supported by all major web browsers and virtually every web programming framework.
The down-side of using Digest for web sites is that:
The authentication is handled by the browser itself rather than a login page on the web site, which doesn’t look nearly as nice, and doesn’t allow you to have all the surrounding helper functions like “forgot your password?” that we’ve come to expect nowadays.
If you have no SSL connection, savvy users may feel worried that they are sending their password insecurely (even though they aren’t) because they’ve been trained to look for an SSL connection when entering credentials.
There are other schemes such as OAuth which also are safe over plain HTTP, but that is really more for APIs than web sites, so probably isn’t what you want.