Sending passwords over the web
Posted
by Falmarri
on Stack Overflow
See other posts from Stack Overflow
or by Falmarri
Published on 2010-05-09T09:06:21Z
Indexed on
2010/05/09
9:18 UTC
Read the original article
Hit count: 221
So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes.
This is what the server looks like (in pseudocode)
$pass = $_POST['pass'];
if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS;
This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.
© Stack Overflow or respective owner