Greetings,
I'm working on a project that involves a password protected area of a website. Some one also involved brought up the point that this area should be secure (Whit the lock icon indicating it is encrypted).
In this particular project the password protected area will be a quote generating system for a company. Users would log in and choose the products they are interested in purchasing and the site would generate a quote depending on what they selected from the list of products.
So my question is..
At what point is encryption necessary? I've always thought encryption was only needed when dealing with stuff like credit card information, am I wrong?
if you are sending passwords over the internet, then they can be sniffed in transit, it depends on how paranoid / how important the information is. Unless you encrypt them before sending (client side), but this is quite complicated
You probably should just use https to do the encryption, it works the same as normal, the HTTP layer deals with all the encryption for you
How secure is a password protected page done with just PHP?
over http, with no encryption - not very secure over https - as secure as anything is on the internet
Thanks Chris
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
