Safe way to pass user passwords in php

Hi, I'm on Google now to find the best way to send user information (including password) over the internet. Our servers do not have SSL installed. therefore, a very simple and secure way to send user information is needed. In the future, my boss wants to extend it to connect to desktop applications written in .net (C #). so the methods must be .net compatible as well. I need some advice or something else that I can get a good idea for developing a better solution.


source to share

4 answers

Some thoughts:

  • Use TLS / SSL. Indeed. A web server certificate is available for free these days.
  • Use TLS / SSL. I really mean it. It's not naive to think that you can make a home brew solution, no matter what complex encryption algorithm you can imagine, that can outperform the previous secure and easy implementation since TLS / SSL is there.
  • To solve the scenario with web clients and desktop clients, you should take a look at OAuth .


If you mean sending the password from the login form to the server in a secure way, there is nothing better than SSL. You can try implementing a system like public key encryption, but I think it would be easier to enable SSL ...

To store passwords, just use an encryption function like sha1

If you mean user authentication in a desktop application, you can implement oauth , which is not very difficult and provides a very secure way to do it.



This approach is called Digest Authentication and is fairly straightforward to implement.

However, in order to use it, you must store passwords in plain text; you cannot use it with hashes.
Which, from my point of view, makes it completely impossible to use.



1 curl (simple)
2d md5 encryption method

3 web services (complex)



All Articles