PHP login security help?
When you make a login form and then process the password and user name with a PHP script that's called by the form, do you have to encrypt the data somehow before the form is submitted to the PHP script? I notice with a packet sniffer on my web site, to try and find out what will show, my password and username are clearly shown in the HTTP header. Can anyone get that packet or is this transmission just between me and the site? If not, how can I encrypt it first? Can you show me an example, or a web page somewhere on this?
The password is sent in plain text unless you put other measures into place.
What you could do is set up a secure connection between the client and the server, that way it can't be sniffed. Or at least it's a lot harder.
If you feel that would put too much of a burden on the communication, you could also try the following:
Allow the user to register at your site, and let him/her pick a password. This has to be done over a secure connection, but it's a one-time thing. (Well, a secure connection should also be used when the user wants to change the password.)
1) Calculate a hash (md5, sha1 or whatever) of the password and store this in the database.
2) When a user wants to log in, send a login page to the client that contains a random number and a JavaScript implementation of the hash that was used in step 1). Do keep the random number in a session variable on the server (obviously).
3) Let the user enter the user name and password. Calculate the hash of the password, and add the random number to the result. Calculate another hash over this (random number + result), and send this result back to the server – along with the user name, of course.
4) On the server, use the user name to retrieve the hash of the password. Add to the hash the random number from step 2) as it was stored in the session, and calculate another hash over this sum – just like you did using JavaScript on the client.
5) If the result of this calculation equals the result that was posted by the client, the right password was given, otherwise it wasn't.
You may wonder: why do I store the password's hash in the database, why can't I store it as it was entered by the user? The reason is simple: the hash can't be used to log in, so if anyone cracks your website, then the stored passwords are useless to the cracker.
Why is a random number added to the hash of the password? Well, if you didn't do that, then every user would always be sending the same hash of the password to the server; a cracker could sniff and send this hash just as easily as the password itself – without ever having to know the actual password. If you add a random number to it, then the hash of (the password's hash + the random number) will change on each login attempt, so even if a cracker intercepts it once, it's useless on a following attempt because the random number on the server will have changed – and so will the result of the calculation!
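Steps 1) to 5) of the answer above as a runnable exchange, added here as an illustration and not part of the original answer or of any script it links to. It runs both sides in Node.js for brevity; SHA-256, concatenation as the "add" operation, and the names `issueChallenge`, `clientResponse`, `verifyLogin`, the user `alice` and the session ids are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// SHA-256 (hex) stands in for the "md5, sha1 or whatever" of step 1 (assumption).
const h = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Constructed server state: the user table holds only password hashes,
// and each session remembers the random number it was sent.
const users = new Map([['alice', h('correct horse')]]);
const sessions = new Map();

// Step 2: the server issues a fresh random number and keeps it in the session.
function issueChallenge(sessionId) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, nonce);
  return nonce;
}

// Step 3: the client hashes the password, then hashes (random number + result).
function clientResponse(password, nonce) {
  return h(nonce + h(password));
}

// Steps 4 and 5: the server repeats the calculation from the stored hash.
function verifyLogin(sessionId, user, response) {
  const nonce = sessions.get(sessionId);
  sessions.delete(sessionId); // one attempt per random number
  const stored = users.get(user);
  if (!nonce || !stored) return false;
  const expected = Buffer.from(h(nonce + stored), 'hex');
  const got = Buffer.from(String(response), 'hex');
  // Constant-time comparison of two equal-length digests.
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// One genuine login, then the same sniffed response replayed on a new attempt.
function demo() {
  const first = issueChallenge('sess-1');
  const sniffed = clientResponse('correct horse', first);
  const genuine = verifyLogin('sess-1', 'alice', sniffed);
  issueChallenge('sess-1'); // new attempt, new random number
  const replayed = verifyLogin('sess-1', 'alice', sniffed);
  return { genuine, replayed };
}

console.log(demo());
```

`verifyLogin` needs only the stored hash and the session's random number, so in this design the table of stored hashes deserves the same protection as the passwords themselves.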
The above answer is good for learning the ideas behind login security. For a project I did recently, here is a script that I used:
http://hvassing.com/2007/simple-php-login-script-using-session-and-mysql/
If you use it, be sure to give credit to the original author (it's not me, in case you're wondering).