Is it possible to hide the contents (or encrypt it) of an HTTP request so that no other than authorize person can view it ?? For example, if one user is just submitting a data to in Login page even if using the http post, then also it is possible to see the contents like username and password which are contained in request headers in firebug kind of tools.
I know that encryption algorithm at client side may be used but still data goes in HTTP request is visible.
Any solutions ??? Thanks in advance...
Is it possible to hide the contents (or encrypt it) of an HTTP request so that no other than authorize person can view it ?? For example, if one user is just submitting a data to in Login page even if using the http post, then also it is possible to see the contents like username and password which are contained in request headers in firebug kind of tools.
I know that encryption algorithm at client side may be used but still data goes in HTTP request is visible.
Any solutions ??? Thanks in advance...
Share Improve this question asked Nov 3, 2011 at 13:31 VedVed 8,7677 gold badges38 silver badges69 bronze badges 4- 3 en.wikipedia.org/wiki/Https – Matt Ball Commented Nov 3, 2011 at 13:34
- 1 and the reason you are NOT considering HTTPS is? – Pleun Commented Nov 3, 2011 at 13:34
- The data you send will always be visible over http, but if it is encrypted it can't be understood by listening parties which do not have enough data to decrypt it. – Daniel Klöck Commented Nov 3, 2011 at 13:35
- hmm.. what do you mean by visible? – Daniel Klöck Commented Nov 3, 2011 at 13:36
3 Answers
Reset to default 8The standard method for encrypting web traffic is an SSL certificate. Their use is easily recognized by the https protocol specification. - http://en.wikipedia.org/wiki/Https
SSL Certificates can be purchased easily online. Below are a couple of vendors that I use:
http://www.comodo.com
http://www.verisign.com/ssl/buy-ssl-certificates/index.html
The answer depends a lot on the setup you are looking for. If you just want to prevent anyone from listening in on the traffic, use HTTPS for the requests.
If you want to encrypt the data you are sending with a specific password, check out the Stanford Javascript Crypto Library.
You must use HTTPS protocol