How to transfer the username and password in encrypted form from the form to the server?

T

titronfan2016-05-19 20:31:22

PHP

titronfan, 2016-05-19 20:31:22

Hello!
I have a couple of questions:
1) When filling out a form (login and password), how can I transfer this data not in its pure form, but in encrypted form to the server?
Everything is clear about the HTTPS protocol. But still - what are the ways to encrypt (possibly with a special encryption key) the transmitted login and password to the server?
I tried to do it with javascript using a special encryption algorithm and using a key (salt). Then I did the obfuscation of my js file with some "strong" obfuscation (one way obfuscation), which turned the login and password into a get request and sent it to the server. But it's still not an option in my opinion.
2) And the second question. Many people make session tokens in the form of a username and password.
The topic is obviously old. But it makes sense to do this if CURL can bypass it very quickly - and no token will help (from enumeration of passwords).

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey, 2016-05-19
@titronfan

Use asymmetric encryption How to implement RSA encryption in javascript?
The public key can only encrypt the password, it will be possible to decrypt it only on the server.
About session cookies - maybe these are CSRF tokens?