I’ve been reading on encryption now or a week and cannot seam to get my head around this.
I’ve read different tuts and doc’s.
I have a login page with a user name and password.
Through a ajax function these are sent to a file pw_check.php and just before they are sent the values are encrypted. The encrypted values are checked against datafields in the database and everything works fine.
Now my problem.
Then if someone would get the send data by spying on the communication they would find the encrypted data. With this they could just call my pw_check.php and could logon so that doesn’t sound very safe.
Am i doing something wrong here? Or is this all the safety i can get?