I’ve been reading on encryption now or a week and cannot seam to get my head around this.
I’ve read different tuts and doc’s.
I have a login page with a user name and password.
Through a ajax function these are sent to a file pw_check.php and just before they are sent the values are encrypted. The encrypted values are checked against datafields in the database and everything works fine.
Now my problem.
If somebody would want to acces my site illegally then all they would have to do is look at my javascript file and see what code i’m using to encrypt the data and try diffent logins with the same encryption to test. So what is my encryption adding?
Then if someone would get the send data by spying on the communication they would find the encrypted data. With this they could just call my pw_check.php and could logon so that doesn’t sound very safe.
Am i doing something wrong here? Or is this all the safety i can get?