how can I protect against capture during encryption/salt for php ajax login

PostDateIcon November 25th, 2012 | PostAuthorIcon Author: Sudhir Tiwari

If a password is encrypted before ajax, what is to stop a hacker from capturing the encrypted password and using it to log in?

Should a unique salt be sent from the backend beforehand?
Wouldn’t a hacker be able to capture that too?

background to my question:
I worked through this tutorial
http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
summary of tutorial
browser side encrypts password before sending it to backend where it is stored in db

From that link, the first comment stuck in my mind
“what’s to prevent a hacker from capturing the hashed password and logging in?”

PostCategoryIcon Posted in Cake PHP, Core PHP, General, Jquery, Latest News, Magento, MySql
Total Views: 144 Today Views: 0

Leave a Reply

CAPTCHA Image
*

Hire Me
Follow Me!
Search
Most Popular Articles & Pages
Because your vote is Important
Sorry, there are no polls available at the moment.
Categories
Archives
Blogroll
Tags
ajax Answers apache api array Articles client Comments CSS CURL Database DOM download eshop eshop paypal pro extension Facebook fb google how to ini interview javascript Jobs jquery Magento MySQL PHP php5 php interview Questions scripting SEO server SQL status string tutorial tutorials twitter update web development Web Tutorials wordpress xml

Log in
Copyright © 2013 Sudhir Tiwari. All Rights Reserved.

Powered by Wordpress, Theme Design and Sponsored by tan wordpress templates and remote storage service