My question is on password authentication for a web-based app. The app is PHP based, but i'm just really interested in people thoughts on my methodology.
Now, so far, i've been happy with this system, and am satisfied that it is secure enough for our purposes. I'm interested to hear of peoples opinions on this system, and whether there is any obvious flaws in my scheme (I am no web-app security expert!).
One problem i've been mulling over with this scheme, is the ability to offer users the opportunity to change their passwords. My system relies on the server-side having prior knowledge of the password hash, to allow authentication. To allow a password change, it seems to me that the same method of authentication would be used, however, a new password, having only been SHA1 hashed would need to be sent as well (to be stored in the dB). To me this seems insecure, as a snooper could sniff this value, and then use it in conjection with a future challenge value to provide the correct password hash. Although pretty unlikely, its still a potential hole. Is there a better system I could employ? Or is the ability to allow users a browser-based password change inherently insecure?
I'm iinterested in what other people have done, for my own education, but also in the hope that I can make a more secure application. So any comments people have would be appreciated.