
How to securely send password to website

 
Vladas Razas
Ranch Hand
Posts: 385
Hi,
I would like to use form authentication, i.e. a login page for users to authenticate. However, I don't want either the user name or the password to be sent unencrypted. Is there a way to do it (using form authentication...)? Even my bank uses form authentication and only once I enter login/password it switches to HTTPS, so I assume my password is not transferred securely?
My best regards
 
Vladas Razas
Ranch Hand
Posts: 385
Clarification: I write servlets and JSP. I am not trying to send a password to other websites; I just want users to log in to my site securely.
 
David O'Meara
Rancher
Posts: 13459
HTTPS negotiates a secure (encrypted) channel between the client and the server before any data is sent, so the username and password are encrypted when being sent to the server even if the secure connection is negotiated after you press the 'login' button.
A couple of side points to make though:
* You have to POST the data; if you use the GET method to send the username and password, they aren't secure.
* Also, never ever send the password back to the client. Not to pre-populate a password field, not as a password reminder, not in a registration page, not even if the page is encrypted, never, not ever.
* If you want to encrypt your site, you'll need a signed certificate. You can buy an official one for production sites, or you can create your own self-signed certificate if you are just playing around.
Dave
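
The points in the reply above, as an added example that is not part of the original thread: a login servlet that accepts credentials only by POST over HTTPS and never sends the password back. It assumes a Servlet 3.0+ container with a configured realm (`req.login`) and the `javax.servlet` package names; `/login.jsp` and `/home` are hypothetical paths.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. Hypothetical names: LoginServlet, /login.jsp, /home.
public class LoginServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Credentials in a query string end up in history, logs and Referer headers.
        if (req.getParameter("password") != null) {
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Use POST");
            return;
        }
        req.getRequestDispatcher("/login.jsp").forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Refuse credentials that did not arrive over the encrypted channel.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        String user = req.getParameter("username");
        String password = req.getParameter("password");
        try {
            if (user == null || password == null) {
                throw new ServletException("missing credentials");
            }
            req.login(user, password); // checked against the container's realm
            resp.sendRedirect(req.getContextPath() + "/home");
        } catch (ServletException e) {
            // Failed login: redisplay the form. Only the user name is handed
            // back (the JSP must escape it, e.g. with <c:out>); the password
            // is never placed in a request attribute or written to the page.
            req.setAttribute("username", user);
            req.setAttribute("error", "Invalid user name or password");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
        }
    }
}
```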
 
Vladas Razas
Ranch Hand
Posts: 385
But the user will also have to get a certificate?
What's wrong with password postback? It's not encrypted?
 