jros jros - 7 months ago 9
PHP Question

How should you send a password from a pure html/javascript application to a php page?

I'm trying to create a login system where multiple applications are able to login using the same web service. This "web service" is just a web page written in php. Ideally, the applications could sed up the username and password to the web service, which would check the values against the encrypted database values, and then return either true or false for logged in (more than that, but you get it).

However, as you read that, you probably instantly noticed I said "send password to the web service", which is really really bad if you don't do it correctly. I don't want to send a decrypted password over get/post for obviously security reasons.

What is the best/most secure method of sending a password from a pure html/javascript application up to a php web service? I am very new to this sort of thing so I'm a bit lost.

Answer

How should you send a password from a pure html/javascript application to a php page?

The standard and secure way is to send data over an HTTPS connection, for that you'll need to install an ssl certificate on your domain. SSL certificates used to cost money but in our days you can get them free at https://letsencrypt.org/