Jump to content

Recommended Posts

I have been reading (here and on the internet) about login security, and I have now formulated a dumb question to ask.

 

Not having a secure connection is there any way to NOT send plain text over the internet. In other words, when you have a login form plain text is entered. It is then passed to some type of encryption (hash, md5, sha1) BUT is the password always vulnerable between these two?

 

And just for the record I am asking this because McAfee Secure is giving me a rash of (insert your favorite word here) about my login form which encrypts using sha1.

Link to comment
https://forums.phpfreaks.com/topic/216916-dumb-login-question/
Share on other sites

Correct. Unless you are using SSL (i.e. https) the data submitted by the user is transmitted in plain text. McAfee has no knowledge of what hashing (SHA is hashing not encryption) you are using on the server - so I don't know what it is reporting on.

 

You *could* use some javascript to obfuscate the input before it sends the data. But, to be honest, you then open yourself up to a whole host of potential errors and wouldn't be worth it IMHO.

Link to comment
https://forums.phpfreaks.com/topic/216916-dumb-login-question/#findComment-1126843
Share on other sites

Thanks for the answer. Basically McAfee says passwords being sent over the internet in plain text leaving me open to a man in the middle attack when they do a scan. For now I have just removed the login since it isn't anything important to keep them happy.

Link to comment
https://forums.phpfreaks.com/topic/216916-dumb-login-question/#findComment-1126845
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.