rejetto forum

Encrypt password between client and server


NaitLee

Currently, when we change our password, the password sent to the client is not encrypted.
When we log in, the password is dealt with by sha256. But if a hacker hijacked the result, he can still do things with the correct ajax method.

So besides https, how to get the best effect of encryption between client and server?
I think the messages sent between client and server should be hard to deal with.
And we should find a way to send password/encryption-related messages that cannot be fully seen by a hacker.

Scripting command: Data manipulation may be useful, as there are some mathematical things.
Additionally, {.get account||password.} can get the original password, {.sha256|A.} can make it undiscoverable, {.time|yyyymmddhhMMss.} can get a timestamp...

Can anyone share some suggestions? :)
Busy in school until late June, 2021.
My HFS template will not be frequently updated during this period.
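
The replay concern raised in the post above, as an added example that is not part of the original thread and is not HFS code: a fixed sha256(password) works for anyone who captures it, while a response bound to a single-use server nonce does not. The account data is constructed and every function name is hypothetical.

```javascript
// Added example: account data is constructed; all function names are hypothetical.
const nodeCrypto = require('crypto');
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg).digest('hex');

// Server state: stored sha256(password) per account, and outstanding nonces.
const accounts = new Map([['alice', sha256('correct horse')]]);
const pending = new Map(); // nonce -> { user, expires }

// Scheme A: the client sends sha256(password). The value is the same every time.
function staticLogin(user, sentHash) {
  return accounts.get(user) === sentHash;
}

// Scheme B, step 1: the server hands out a random nonce valid for 30 seconds.
function issueChallenge(user, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(nonce, { user, expires: now + 30000 });
  return nonce;
}

// Scheme B, step 2 (client): answer with HMAC(sha256(password), nonce).
function clientResponse(password, nonce) {
  return hmac(sha256(password), nonce);
}

// Scheme B, step 3 (server): accept each nonce once, then compare in constant time.
function challengeLogin(user, nonce, response, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce); // single use: a replayed nonce is no longer known
  const stored = accounts.get(user);
  if (!entry || !stored || entry.user !== user || now > entry.expires) return false;
  const expected = Buffer.from(hmac(stored, nonce), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// What an eavesdropper who recorded one login can do under each scheme.
function demo() {
  const captured = sha256('correct horse');            // recorded from scheme A
  const nonce = issueChallenge('alice');
  const resp = clientResponse('correct horse', nonce); // recorded from scheme B
  return {
    staticReplay: staticLogin('alice', captured),
    firstUse: challengeLogin('alice', nonce, resp),
    sameNonceReplay: challengeLogin('alice', nonce, resp),
    oldResponseNewNonce: challengeLogin('alice', issueChallenge('alice'), resp),
  };
}
```

This only covers replay of a recorded login. It does not hide a new password during a password change and does not stop someone who can modify the traffic, which is what HTTPS provides.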


Mars

Look at this post:
http://rejetto.com/forum/index.php?topic=13326.msg1066139#msg1066139


Richard_F

Hello, NaitLee!

Yeah, I had this problem for some time too. Unfortunately I am not sure how to fix it. (Last time I got help ;D) But maybe this post https://www.technikhiwi.de/wordpress-hosting-test/#Sicherheit can help you. It is in German, so use a site translation. There is some information about encrypted hosting and SSL certification.