PHP Authentication Over Unsecured Internet Connection
When I wrote my earlier article on Managing Users in a PHP Web Application, I neglected to mention that the authentication mechanism is only acceptable when users are connected over a secure connection (HTTPS) or are on a trusted network (such as a corporate intranet). We went to great lengths to ensure that the passwords are stored securely in the database and that the site is not susceptible to SQL injection or XSS techniques. However, when the login form is submitted over an unsecured internet connection, the password is sent to the server in plain text. Anyone lurking on the network can easily get the login credentials using a network sniffer such as Wireshark. The solution to this problem is to hash the password using MD5 on the client side prior to submitting the login page. This is similar to how we hashed the password stored in the database to prevent people with access to the table from viewing users’ passwords.
The following article goes over the technique of securing client-side passwords using a JavaScript implementation of MD5. The key to take away from the article (besides the JavaScript code for MD5) is that the user’s password is hashed and submitted in hashed form only. In my case, I simply replace the clear text password with the hashed version prior to submitting the login form. This is the only change required to the login form code implemented in the previous article.
<input onclick="document.form.txtPW.value=MD5(document.form.txtPW.value)" name="Login" type="submit" value="Login" />
Note that this solution will only work if the client has JavaScript enabled in their browser. You can use Firebug’s network panel to verify that the clear-text password is not transmitted.
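The network-panel check described above can also be scripted. The following is an added example, not code from the original article: it rebuilds the POST body the form sends after the onclick handler runs and confirms that the clear-text password is absent. It runs under Node.js, uses Node's built-in MD5 as a stand-in for the page's MD5() function (assumed to return lowercase hex), and txtUser is a hypothetical field name.

```javascript
// Added example (not from the original article). Runs under Node.js.
// Load Node's built-in crypto whether this file is CommonJS or an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('crypto')
  : process.getBuiltinModule('crypto');

// Stand-in for the page's browser-side MD5(); assumed to return lowercase hex.
function MD5(text) {
  return nodeCrypto.createHash('md5').update(text, 'utf8').digest('hex');
}

// Build the urlencoded POST body the browser sends once the onclick handler
// has replaced txtPW with its hash. txtUser is a hypothetical field name.
function buildLoginBody(user, password) {
  const fields = { txtUser: user, txtPW: MD5(password), Login: 'Login' };
  return new URLSearchParams(fields).toString();
}

// The check you would otherwise do by eye in the network panel: txtPW must be
// a 32-character hex digest and no field may carry the clear-text password.
// Field values are compared after URL-decoding, because a password containing
// spaces or '&' never appears verbatim in the raw body.
function inspectLoginBody(body, clearTextPassword) {
  const params = new URLSearchParams(body);
  const pw = params.get('txtPW') || '';
  return {
    looksHashed: /^[0-9a-f]{32}$/.test(pw),
    leaksClearText: body.includes(clearTextPassword) ||
      [...params.values()].includes(clearTextPassword),
  };
}

// Constructed sample values.
const SAMPLE_PASSWORD = 'correct horse & staple';
const hashedBody = buildLoginBody('alice', SAMPLE_PASSWORD);
// What the form sends when JavaScript is disabled and the handler never runs.
const plainBody = new URLSearchParams(
  { txtUser: 'alice', txtPW: SAMPLE_PASSWORD, Login: 'Login' }).toString();

console.log('with handler:   ', inspectLoginBody(hashedBody, SAMPLE_PASSWORD));
console.log('without handler:', inspectLoginBody(plainBody, SAMPLE_PASSWORD));
```

The hashed body is identical on every login for the same password, so this check confirms only that the clear text stays off the wire.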