how can I protect against capture during encryption/salt for php ajax login

If a password is encrypted before ajax, what is to stop a hacker from capturing the encrypted password and using it to log in?

Should a unique salt be sent from the backend beforehand?
Wouldn’t a hacker be able to capture that too?

background to my question:
I worked through this tutorial
http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
summary of tutorial
browser side encrypts password before sending it to backend where it is stored in db

From that link, the first comment stuck in my mind
“what’s to prevent a hacker from capturing the hashed password and logging in?”

Leave a Reply

*

Hire Me
Follow Me!
Search
Most Popular Articles & Pages
Because your vote is Important
Sorry, there are no polls available at the moment.
Categories