Sending passwords over the web

Posted by Falmarri on Stack Overflow See other posts from Stack Overflow or by Falmarri
Published on 2010-05-09T09:06:21Z Indexed on 2010/05/09 9:18 UTC
Read the original article Hit count: 221

Filed under:
|
|

So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering the best way to do security. The user is sending a password for HTTP to a php server wich authenticates against a mysql database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes.

This is what the server looks like (in pseudocode)

$pass = $_POST['pass'];

if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass)) return PASS;

This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

© Stack Overflow or respective owner

Related posts about security

Related posts about php