Posted 12 February 2008 - 05:14 PM
Hi guys, im doing a project on web access security and im pretty much a newbie to both php and html. My current setup goes like this. I use an html form which takes a password and then passes it to another pages which uses php and does an md5 hash on the password and stores it in a database(txt based) when a user creates an account. The problem with this though is the password is transfered as cleartext before it gets hashed so people sniffing the line could pick it up. Is there a way i could encrypt the password on the clientside before it is sent server side to be stored into the db?? As a note, i can't use SSL which is pretty dumb.
Intel E8400 4ghz | DFI Blood-Iron P35 | EVGA 9800GTX+
2x 320GB Seagate 1x 500GB Seagate 1x 1.5TB Seagate | 4GB G.Skill pc8000 PQ
AXP 1.4ghz 200FSB 7x | Abit NF-7s | 6800GS
200GB Seagate | 1gb Corsair XMS pc3200 2-2-2-11