1

I have a registration page which has the following password entry control:

<input type="password" />

What is the best way to send this password to the server and then save it into a database for later comparison when login in?

Improve this question
5
  • I did a quick search and found nothing obvious from the first few results which showed how to not send passwords in the form of text from the client to the server. I just saw something about https, but that is not an option at the moment. Please feel free to down vote if it makes you happy. But personally, I don't think you read my question properly. If we could down vote comments, I would not think twice to down vote your comment. So please, don't hold back the down votes. ;) Commented Mar 26, 2011 at 13:59
  • There is NO good way to send password to a server, you have to hash it and store the hash! Commented Mar 26, 2011 at 14:24
  • Without a "name" attribute on that input element, nothing will get sent anyways. Commented Mar 26, 2011 at 14:44
  • @Adrian: Gee, then how do login systems work? Depending on the client to do the hashing (and exposing your salts and hash algorithms) is really secure... Commented Mar 26, 2011 at 14:45
  • Sorry I read the question too quick and interpreted it as about hashing and storing passwords.... Commented Mar 26, 2011 at 16:51

3 Answers 3

Reset to default
3

The best way is to use HTTPS. HTTPS protects traffic from client to server and was designed specifically for this. You dont need to encode anything at this level. @Adrian link post is about storage of the passwords in a database and you will get there useful info. Just remember not to save the passwords directly, save either hashes either heavily encrypted versions.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Is https the only way to securely send passwords from the client to the server?
the other way is not to send them at all. using oauth or openid or other authentication system that don't involve a password.
1

See this answer here:

Best way to encode passwords in PHP

Improve this answer

Comments

0

As @Elzo suggested, HTTPS must be used when passwords and privacy data are involved. HTTPS is useful for network data transmissions. Now, about password storange security... the password must be saved using oneway hashing algorithm like md5 (you can use the md5() function in php). Don't store clean passwords in the db. Then, when the user will log in, the server side script will receive the password and it will check the corrispondence between the md5("userpasswordinput") sended by user through the html form and the value stored in the db table (previosly encoded as md5).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.