Kissa Mia Kissa Mia - 22 days ago 8
Ajax Question

How to make a secure login page over SSL HTTPS?

I was trying to figure out how to submit a login form securely. I went through many discussions and topics on Google and Stack Overflow, read many things about hashing passwords, making secure sessions, making secure cookies and so on and on, but 1 solution seems to be the easiest and the most secured solution and that would be SSL HTTPS, so I have activated the SSL on my dedicated server, but I am not sure about how to have my form to submit over HTTPS?

Someone told me that, I don't need to do any complicated coding, I will just need to use

RewriteEngine On
RewriteCond %{HTTPS} = off
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
RewriteCond %{http_host} ^yourdomain.com [NC]
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]


To redirect all the pages over https and then just simply submit my forms through form action and post method, and I should not even use AJAX to submit the form.

But, this sounds too simple to me, so I thought about writing my thought here and ask the professionals about it.

So here is the question: will the above code secure all the submissions? Should I add any more coding like hashing and slat to submit the form over https? I need to secure my login register forms.

Leo Leo
Answer

this is the best link I know about what you want to learn

https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet

good luck