
Is JavaScript encryption for a login system safe?



Hi all

 

I would like to know whether it is possible or not to build a secure login script. The script I have as an example is mainly in PHP.

I read a couple of tuts online and watched some YouTube videos and discovered that both JavaScript and PHP are used.

I don't know much about encryption but more and more questions are arising...

Is it true that it is possible to add JavaScript encryption when you want a user to log in?

My own idea is that this looks quite insecure as anybody can see the encryption code.

I have more questions but first I would like to know this if possible.


I think it is a fun idea to play with but the only solution that is considered secure is the use of a security certificate, and even the certificate system is being hacked on a regular basis through the use of bogus or stolen certificates.


 

And how vast is 'a multitude' according to you?

 

I don't have the statistics but ordinary low-cost shared-hosting accounts can't use certificates unless they use the shared server certificate.


Shared hosting accounts can use certificates, it's just that people don't bother to buy them. Certificates go by domain name, not by server.


And, no, JavaScript encryption is pointless. When you either hash or encrypt data that you're saving in a database, that should only be done on the server, not in the browser.

 

I see.

 

For me the entire matter is still a bit perilous.

 

But if I use HTML and the password attribute and have that sent by SSL/TLS towards the server and store the password encrypted in the database then it is safe?

I'm asking this because I'm looking for the right method. If there is one, at least. (There could be more, namely.)

  • 2 weeks later...

Is it safe from what? What specifically are you trying to protect against? It's safe against man-in-the-middle attacks if you're using an SSL certificate from a recognized CA. It's not safe if someone gets into your server and takes your code and database.

 

In general, you want to hash passwords that are stored on the server, not encrypt them.
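
What the replies above describe (send the password over TLS, hash it on the server, store only the hash), sketched as an added example that is not code from any poster in this thread. The `register` and `login` helpers and the `$users` array, which stands in for a database table, are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for a users table (assumption): username => stored hash.
$users = [];

// Hypothetical helper: store a one-way hash, never the password itself.
function register(array &$users, string $name, string $password): void
{
    // PASSWORD_DEFAULT picks PHP's current default algorithm and a random
    // salt; the salt and cost are embedded in the returned string.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Hypothetical helper: check a submitted password against the stored hash.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    if (!password_verify($password, $users[$name])) {
        return false;
    }
    // Re-hash on successful login if the default algorithm or cost has changed.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample account and passwords.
register($users, 'alice', 'correct horse battery staple');

echo 'algorithm: ', password_get_info($users['alice'])['algoName'], PHP_EOL;
echo 'right password: ', var_export(login($users, 'alice', 'correct horse battery staple'), true), PHP_EOL;
echo 'wrong password: ', var_export(login($users, 'alice', 'wrong guess'), true), PHP_EOL;
echo 'unknown user: ', var_export(login($users, 'bob', 'anything'), true), PHP_EOL;

// Hashing the same password twice yields different strings because of the
// per-hash salt, so equal passwords are not visible as equal rows.
$again = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
echo 'hashes identical: ', var_export($again === $users['alice'], true), PHP_EOL;
```

Because the stored value cannot be turned back into the password, someone who copies the database still has to guess each password and run it through the same slow hash.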
