Dumb login question


X51

I have been reading (here and on the internet) about login security, and I have now formulated a dumb question to ask.

Not having a secure connection, is there any way to NOT send plain text over the internet? In other words, when you have a login form, plain text is entered. It is then passed to some type of encryption (hash, md5, sha1), BUT is the password always vulnerable between these two?

And just for the record, I am asking this because McAfee Secure is giving me a rash of (insert your favorite word here) about my login form, which encrypts using sha1.


Correct. Unless you are using SSL (i.e. https), the data submitted by the user is transmitted in plain text. McAfee has no knowledge of what hashing (SHA is hashing, not encryption) you are using on the server, so I don't know what it is reporting on.

You *could* use some JavaScript to obfuscate the input before it sends the data. But, to be honest, you then open yourself up to a whole host of potential errors, and it wouldn't be worth it IMHO.


Thanks for the answer. Basically, McAfee says passwords are being sent over the internet in plain text, leaving me open to a man-in-the-middle attack, when they do a scan. For now I have just removed the login, since it isn't anything important, to keep them happy.

