I’m following the example on http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html The thing I don’t fully understand is what

Question

0

Asked: May 26, 20262026-05-26T09:29:06+00:00 2026-05-26T09:29:06+00:00

I’m following the example on http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html The thing I don’t fully understand is what

0

I’m following the example on http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html

The thing I don’t fully understand is what is the gain by doing this? The secret word is posted in the form, so anyone who might be sniffing would surely see that secret word, as well as the javascript and be able to figure out the password anyways. Does it really make sense to do this?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T09:29:07+00:00

Editorial Team

2026-05-26T09:29:07+00:00Added an answer on May 26, 2026 at 9:29 am

An eavesdropper would not be able to derive the password, because they only know:

the secret word
the hash of the secret word/password combination

Since hashes are one-way, you cannot derive the password itself from these.

What you gain: The user has set up a password which the server is able to verify, without having to send the plaintext password itself.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m following the example on http://marakana.com/blog/examples/php-implementing-secure-login-with-php-javascript-and-sessions-without-ssl.html The thing I don’t fully understand is what

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply