November Happy Hour will be moved to Thursday December 5th.
AI OnAI Off
LogOn sequrity
Hi,
I think that you need to prepare custom solution.
One of the possibility i to encrypt user and password on client side. You need to generate the key on the server and store it in session. Then pass the public key to client side. On the client side when authenticating user encrypt credentials using public key.
Here is an example of implementation: Secure AJAX Authentication without SSL
Sep 17, 2015 10:14
Hi,
No matter how you encrypt your data, it's just not safe if you use http. https is now cheap - both in term of certificate and processing power. Use it for your sensitive data, if not every where.
I would personally strongly advise against any kind of non-https solution, and I believe any security experts would do same, too.
/Q
Sep 17, 2015 15:14
Thank you guys for your responces.
I'm with you that it's better to use https in such case.
Sep 17, 2015 17:41
Hi all,
Do anybody know id there is a way to encrypt username and password when login into the system?
We use http and would like to avoid sending credentils in plain text.
Thank you in advance.