Login info going as plain text - How to make it unreadable

Question

I'm doing a login form that uses jquery to pass data from the form to the script and back. I've noticed the email and password are being sent as plain readable text. I also noticed that in other site like this very one, or gmail or others, the login info isn't readable like mine is. How can I do this? Somehow, sending this info as plain text doesn't look very... professional.

Screen Capture FireBug

If not as plain text, how are they sent? What do they look like? Unless you use https (which you _should_ do for logins!!!) they will be sent in plain text. Some sites may base64 encode before sending, but that amounts to little more than obfuscation. https will protect it. — Michael Berkowski, Dec 19 '12 at 03:33
Use [SSL](http://en.wikipedia.org/wiki/Secure_Sockets_Layer). Set up `https:` on your server. — wallyk, Dec 19 '12 at 03:33

score 6 · Accepted Answer · edited May 23 '17 at 12:27

6

you have several options here:

Use HTTPS protocol to send the login informations.
You can hash/encrypt your login info on the client side, upload it/process the form, and decrypt and process the login info on your server. SO have several Q/A answers regarding this process:
- Two-way password encryption without ssl
- Secure login: public key encryption in PHP and Javascript

However, options #2 is not really an options, if the encryption key are also submitted in plain text over the internet.

edited May 23 '17 at 12:27

Community

1
1

answered Dec 19 '12 at 03:35

ariefbayu

21,241
12
69
92

Option 2 shouldn't really be considered an option, since it doesn't add any security (which is mentioned in the answers you linked). – Emily Dec 19 '12 at 03:43
@Emily: true, I should've added that info on my answer *updating* – ariefbayu Dec 19 '12 at 03:44
Ok. I'll have a look at SSL. Will speak to my web host about it. – Norman Dec 19 '12 at 03:49

Login info going as plain text - How to make it unreadable

1 Answers1