Password / Login Security
Posted on 2012-03-28
I often write code that allows a user to log on to a website and I usually do it pretty much the same way.
The user registers on a page with their userid and password and this gets sent to the server. The server encrypts this (MD5 etc.) and stores the encrypted userid and encrypted password on the database.
At the time of registration, they also supply an email address and you send a link to that address which, if they click it, activates the account and all is well.
There is then a login form where they enter their userid and password. This is sent to the server, which encrypts the entered userid and password and checks that a userid equal to the encrypted value of the entered userid exists on the database, that it is an active userid, and that the encrypted value of the password entered matches the encrypted value stored on the table.
If all is OK then we create a pair of cookies on the user's PC with the userid (encrypted) and the password (encrypted). Every time a page is requested, the cookie is examined and checked again and we also use this to get access levels for that userid from the database to check if they can see the requested page or data.
All seems well and it all seems to work pretty well.
What worries me is that you read all about people sniffing traffic and the data is sent in clear from the PC to the Server - it only being encrypted when received at the server. Is this best practice?
Are there other, better, more secure ways of doing this? I know we could use https and SSL - but is this necessary for most sites?
Does anyone have any suggestions for making fairly trivial sites more secure? What do you suggest if you are moving into e-commerce?
Which is the main reason for the question! I should say that I intend the bank site to do all the real work of taking the payment and just have that appear on my site.
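An added example, not part of the original post: the cookie scheme described above (unsalted MD5 of the userid and password kept in cookies) beside a salted, slow password hash with a random server-side session token. The function names, the iteration count, the in-memory `sessions` dict and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def legacy_cookie(userid, password):
    """Scheme from the post: unsalted MD5 of each value, stored in cookies.
    The values never change, so a captured cookie works like the password."""
    md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
    return md5(userid), md5(password)

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; store both salt and key in the user row."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)

def _token_id(token):
    # Only a hash of the token is kept server-side, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()

def start_session(sessions, userid):
    """Issue an unguessable token that carries no credential material."""
    token = secrets.token_urlsafe(32)
    sessions[_token_id(token)] = userid
    return token

def session_user(sessions, token):
    """Map a presented cookie value back to a userid, or None."""
    return sessions.get(_token_id(token))

def end_session(sessions, token):
    """Logout: the token stops working; the password is unaffected."""
    sessions.pop(_token_id(token), None)

def session_cookie_header(token):
    # Secure: sent over HTTPS only. HttpOnly: not readable by page scripts.
    return f"Set-Cookie: session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"
```

Access levels are then looked up from the userid returned by `session_user` on each request, as in the original flow.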