Can use client Javascript or ssl to encrypt user and password before send it to server?
Every network administrator can use a sniffer to cap package to get user name and password. So login operation is very unsafety. I think login operation must be forced to encrypt before send it to server.
2FwEPDwUJNTA4OTg4NzcyD2QWAmYPZBYCAgMQZGQWAgIDD2QWBmYPD2QWAh4FU3R5bGUFHnRleHQtYWxpZ246bGVmdDtwYWRkaW5nOjEwcHg7OxYKAgEPFgIeBFRleHQFR1dlbGNvbWUgdG8gdW1icmFjbywgdHlwZSB5b3VyIHVzZXJuYW1lIGFuZCBwYXNzd29yZCBpbiB0aGUgYm94ZXMgYmVsb3c6ZAIDDw8WAh8BBQhVc2VybmFtZWRkAgcPDxYCHwEFCFBhc3N3b3JkZGQCCw8PFgIfAQUFTG9naW5kZAINDw8WAh4HVmlzaWJsZWhkZAIBDxYCHwEFbiZjb3B5OyAyMDAxIC0gMjAxMCA8YSBocmVmPSJodHRwOi8vdW1icmFjby5vcmciIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246IG5vbmUiIHRhcmdldD0iX2JsYW5rIj51bWJyYWNvLm9yZzwvYT4gZAIEDxYCHwJnZGS%2BfubJNrKV%2Ban2YrC3s3juB8MAwg%3D%3D&ctl00%24body%24lname=admin&ctl00%24body%24passw=123456&ctl00%24body%24Button1=Login&ctl00%24body%24hf_height=&ctl00%24body%24hf_width=HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Fri, 15 Jan 2010 01:45:25 GMT Content-Length: 7784
Can use client Javascript or ssl to encrypt user and password before send it to server?
Every network administrator can use a sniffer to cap package to get user name and password. So login operation is very unsafety. I think login operation must be forced to encrypt before send it to server.
2FwEPDwUJNTA4OTg4NzcyD2QWAmYPZBYCAgMQZGQWAgIDD2QWBmYPD2QWAh4FU3R5bGUFHnRleHQtYWxpZ246bGVmdDtwYWRkaW5nOjEwcHg7OxYKAgEPFgIeBFRleHQFR1dlbGNvbWUgdG8gdW1icmFjbywgdHlwZSB5b3VyIHVzZXJuYW1lIGFuZCBwYXNzd29yZCBpbiB0aGUgYm94ZXMgYmVsb3c6ZAIDDw8WAh8BBQhVc2VybmFtZWRkAgcPDxYCHwEFCFBhc3N3b3JkZGQCCw8PFgIfAQUFTG9naW5kZAINDw8WAh4HVmlzaWJsZWhkZAIBDxYCHwEFbiZjb3B5OyAyMDAxIC0gMjAxMCA8YSBocmVmPSJodHRwOi8vdW1icmFjby5vcmciIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246IG5vbmUiIHRhcmdldD0iX2JsYW5rIj51bWJyYWNvLm9yZzwvYT4gZAIEDxYCHwJnZGS%2BfubJNrKV%2Ban2YrC3s3juB8MAwg%3D%3D&ctl00%24body%24lname=admin&ctl00%24body%24passw=123456&ctl00%24body%24Button1=Login&ctl00%24body%24hf_height=&ctl00%24body%24hf_width=HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Fri, 15 Jan 2010 01:45:25 GMT Content-Length: 7784
Using SSL the connection itself is encrypted, so all data sent are supposed to be safe.
I just hope using SSL for login process not for all. Becanse SSL can make operation to be slow. Can this be done?
I guess you could not switch between protocols (i have never tried such a scenario). But why should SSL slow down your connection?
I don't know why slow. But it's true.
So, I hope use ssl just for login not for other operations.
From my experience I can tell I never noticed a remarkable difference in performance between http and https. Which web server are you using?
is working on a reply...