
Password authentication without revealing your password

The majority of personalized web sites use some kind of form-based password authentication where you have two form fields for username and password, and a login button. When you submit the form, the password is sent in the clear to the server for verification against a user database.

Using a JavaScript SHA library and one simple onsubmit handler protects the password in transit and also inside the user database:

<form onsubmit="pwField.value = b64_sha256(pwField.value);">


Read this for more elaborations with increased security.

Comments on this post

tomafro posts on May 17, 2007 at 11:24
This does nothing to protect the password in transit. The hashed version can be intercepted as easily as the non-hashed version, and both are of equal value to an attacker as both can be used to authenticate against the site.
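
The point raised in the comment above, as an added example that is not part of the original post or its comments: a server that accepts the static hash also accepts any later copy of it, while a response bound to a single-use server nonce does not verify a second time. The nonce variant goes beyond what the page describes; `b64Sha256` is a Node stand-in for the page's `b64_sha256`, and the user store, function names and sample password are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Stand-in (assumption) for the page's b64_sha256(): base64 SHA-256, padding stripped.
function b64Sha256(text) {
  return crypto.createHash("sha256").update(text, "utf8").digest("base64").replace(/=+$/, "");
}
// Constant-time comparison of two digest strings.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Constructed user store holding exactly what the page's form submits.
const users = new Map([["alice", b64Sha256("correct horse")]]);

// Scheme from the page: the server compares the submitted hash to the stored one.
function verifyStaticHash(user, submitted) {
  const stored = users.get(user);
  return stored !== undefined && safeEqual(stored, submitted);
}

// Hardened variant (assumption, not from the page): the server issues a
// single-use nonce and the client returns HMAC-SHA256(key = hash, msg = nonce).
const pendingNonces = new Map();
function issueNonce(user) {
  const nonce = crypto.randomBytes(16).toString("hex");
  pendingNonces.set(user, nonce);
  return nonce;
}
function clientResponse(password, nonce) {
  return crypto.createHmac("sha256", b64Sha256(password)).update(nonce).digest("hex");
}
function verifyChallenge(user, response) {
  const nonce = pendingNonces.get(user), stored = users.get(user);
  pendingNonces.delete(user); // a nonce is valid for one attempt only
  if (nonce === undefined || stored === undefined) return false;
  const expected = crypto.createHmac("sha256", stored).update(nonce).digest("hex");
  return safeEqual(expected, response);
}

function demo() {
  const onWire = b64Sha256("correct horse");              // what the form sends
  const staticReplay = verifyStaticHash("alice", onWire); // any copy of it logs in
  const response = clientResponse("correct horse", issueNonce("alice"));
  const firstUse = verifyChallenge("alice", response);    // fresh nonce: accepted
  issueNonce("alice");                                    // next login, new nonce
  const replayed = verifyChallenge("alice", response);    // old response: rejected
  return { staticReplay, firstUse, replayed };
}
```

In the nonce variant the stored hash is still the HMAC key, so a leaked user table remains password-equivalent, and neither scheme replaces TLS for protecting the session that follows login.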
