anonymous75178 Posted January 20, 2011 Share Posted January 20, 2011 I'm creating a registration form using AJAX. My question is, if I'm dealing with passwords, when is the best time to encrypt? 1. Do I send the password without encryption to the php file then encrypt it? 2. Do I encrypt the password using JS then submit to the php file? 3. Should I do something else? Link to comment https://forums.phpfreaks.com/topic/225041-best-practice-for-encrypting-passwords-between-js-and-php/ Share on other sites More sharing options...
President Obama Posted January 24, 2011 Share Posted January 24, 2011 Encrypt it then send it to the php file. Theres a good article on it somewhere that I used, you have to a crypt library. Link to comment https://forums.phpfreaks.com/topic/225041-best-practice-for-encrypting-passwords-between-js-and-php/#findComment-1164335 Share on other sites More sharing options...
raknjak Posted January 25, 2011 Share Posted January 25, 2011 I was told it is useless to use a JS function to encrypt passwords since it can be decrypted as easily as it can be encrypted at all times. Visitors have access to your scripts at all times. You could use a secure 2-way encryption algorithm but it is complicated. Also, users can always disable JS so you MUST ecrypt server-side (for example before you verify against a database entry). Off course, anyone with better understanding can correct what I claim here. good luck Link to comment https://forums.phpfreaks.com/topic/225041-best-practice-for-encrypting-passwords-between-js-and-php/#findComment-1164956 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.