I want to secure the login page on my blog when my browser sends my password to the server (http) as I don’t want anyone to steal it.
How would you do it?
Advertisement
Answer
As far as I am aware the only real way to do it from a production perspective would be to use javascript to encrypt the data sent in the form and then decrypt it at the other end.
There appear to be a couple of JS classes for this purpose, e.g. http://www.jcryption.org/ jCryption uses the public-key algorithm of RSA for the encryption.
Then a third party packet sniffer would have to know the decryption key to be able to do anything with the data.
I would recommend using SSL for all login’s though! Personally I tunnel all my traffic over a VPN so I know it is slighty safer when in public places.