Home/ Questions/Q 8890007
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T22:24:05+00:00

If a password is encrypted before ajax, what is to stop a hacker from

  • 0

If a password is encrypted before ajax, what is to stop a hacker from capturing the encrypted password and using it to log in?

Should a unique salt be sent from the backend beforehand?
Wouldn’t a hacker be able to capture that too?

background to my question:
I worked through this tutorial
http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
summary of tutorial
browser side encrypts password before sending it to backend where it is stored in db

From that link, the first comment stuck in my mind
“what’s to prevent a hacker from capturing the hashed password and logging in?”

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Nothing. Hashing the password on the client is a terrible idea.

    Communication between the browser and server should be properly encrypted using SSL (via HTTPS).

    Hashing on the client side has two effects:

    • It provides a false sense of security to the site owner by suggesting that it can substitute for SSL
    • It adds a dependency on JavaScript
    • 0