Author: Samuel Williams
When: Thursday, 08 October 2009
A website is only as secure as its weakest link. We should assume that an attacker can see everything that reaches the server, request logs included. Given that, transmitting the password to the server in clear text isn't a great idea.
It is possible to reduce the chance of a password being intercepted by simply not transmitting it at all, and instead sending a password digest. SHA can be used on the client side to produce a digest of the password combined with a random nonce supplied by the server; because the nonce changes on every login attempt, a captured digest cannot be replayed.
This diagram shows the basics of a hashed, nonce-based login, which is straightforward to implement.
Here is a client using jQuery. The login hash (the nonce used for this attempt) is retrieved from the server using AJAX.
The database used in this example is for email accounts, so it is slightly more complicated than a typical example.
Finally, it is important to remember that this approach is not inherently secure. It is just one option to ensure that the password does not travel in clear text; it does not replace transport encryption, since an attacker who can read the traffic can also alter the page and the script that does the hashing, and the digest the server stores for comparison is itself a password-equivalent if the database leaks. I highly recommend Troy Hunt's article "Our password hashing has no clothes", which discusses the risk of using SHA for password hashing. I personally recommend using bcrypt.