protected password

[callshakeel]

i'm developing a web based system,
here is a server and mainy clients, i'm generally taking the password of user and matching it.
Is password not safe while travelling ?
Is there any way to traverse password in safe way?
plz help me .

 

[palbano]

>> Is there any way to traverse password in safe way?

If you mean "transfer" password from browser to server using POST, you can use HTTPS which is the protocol for using SSL


-pete

 

[Bullschmidt]

And here is a little more info about https (i.e. SSL).

Get your own SSL certificate (perhaps at

http://www.thawte.com)

and be sure you have a Web host that will install it so that you don't have to switch servers and lose session variables.

Then you can access any of your pages with https instead of http.

But if you have SSL for your Web site that doesn't mean that everyone HAS to go in with https URL's. They can go in with http URL's too. So on the pages you want protected you may want to see how a user is coming in and redirect to https if needed...

For instance at my site only the sample Web database used to use SSL although SSL was available for the whole site.

But a tricky thing is that on your SSL pages you're going to want to be sure that all filepaths for included files and even images all use https and not http (or nothing because http is then assumed) otherwise the user will probably get a message from his browser saying there is secure and unsecure information on the page.

If you use secured pages on a different server you many want to find some way (such as by posting or via querystring) to pass in values such as for a shopping cart without using session variables. Or if you have access to the database from each server, you could store things in the database as a way of moving info from non-secured to secured pages or back again.

Best regards,
J. Paul Schmidt - Freelance ASP Web Developer

http://www.Bullschmidt.com

- Creating "dynamic" Web pages that read and write from databases...