Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m making a game and I can only request pages. eg.(login.php?username=myuser&password=mypass)
The game can recieve the results from a php too.
At the moment the password is encrypted. What’s the best way of achieving a safe method of logging in?
thanks
Use SSL. That will encrypt the password over the wire.
Don’t send the raw password, either. Hash it and send the hash.
That’s still not going to give you great security because the hashed password will still be in the browser history and could be used for a replay attack. You can mitigate this by using a challenge-response mechanism. Get the server to include a large random sequence of bytes (a nonce) along with the login page, then the client can XOR the password hash with this nonce and send the result. The server can apply the same XOR to obtain the original hash.
SSL will prevent eavesdropping, sending the hash will make things a little harder for a casual attacker, and the nonce will prevent replay. That’s probably not a complete list of things to look out for, but it’s a start.