I have form in my html page
<form id="login_form" method="POST" action="index.php">
<table>
<tr>
<td><label style="color:#47A3FF;" for="name" title="User name">
Username</label></td>
<td><input style="color:#47A3FF;" dojoType="dijit.form.TextBox"
type="text" name="username"></td>
</tr>
<tr>
<td><label style="color:#47A3FF;" for="loc">Password: </label></td>
<td><input style="color:#47A3FF;" dojoType="dijit.form.TextBox"
type="password" name="password"></td>
</tr>
<tr>
<td colspan="2" align="center">
<button dojoType="dijit.form.Button" class="soria" style="border: 1px solid black; float:right;"
type="submit">Login</button></td>
</tr>
</table>
</form>
Do I need to use SHA256 when I send username and password over network ? How to use SHA256 over those data ( I have function sha256_hash which use string and return hashed value, but I don't know where to call that function ) ?
I have form in my html page
<form id="login_form" method="POST" action="index.php">
<table>
<tr>
<td><label style="color:#47A3FF;" for="name" title="User name">
Username</label></td>
<td><input style="color:#47A3FF;" dojoType="dijit.form.TextBox"
type="text" name="username"></td>
</tr>
<tr>
<td><label style="color:#47A3FF;" for="loc">Password: </label></td>
<td><input style="color:#47A3FF;" dojoType="dijit.form.TextBox"
type="password" name="password"></td>
</tr>
<tr>
<td colspan="2" align="center">
<button dojoType="dijit.form.Button" class="soria" style="border: 1px solid black; float:right;"
type="submit">Login</button></td>
</tr>
</table>
</form>
Do I need to use SHA256 when I send username and password over network ? How to use SHA256 over those data ( I have function sha256_hash which use string and return hashed value, but I don't know where to call that function ) ?
Share Improve this question edited Apr 7, 2011 at 12:55 Shaz 15.9k4 gold badges43 silver badges60 bronze badges asked Apr 7, 2011 at 12:50 DamirDamir 56.4k98 gold badges251 silver badges368 bronze badges2 Answers
Reset to default 4You should hash the desired values when the form is submitted.
I guess something like this should work :
HTML
<form onsubmit="return myOnSubmit(this);">
JavaScript
function myOnSubmit(aForm) {
//Getting the two input objects
var inputUsername = aForm['username'];
var inputPassword = aForm['password'];
//Hashing the values before submitting
inputUsername.value = sha256_hash(inputUsername.value);
inputPassword.value = sha256_hash(inputPassword.value);
//Submitting
return true;
}
EDIT :
Because of the 'Hashing the values before submitting' part, it will not work if you have a maxlength property, because hashed values are much longer than just the clear password.
If you MUST use a maximum length, then you would need to implement HIDDEN FIELDS and changing those values, and making sure the fields containing the clear data aren't submitted (outside of the <FORM> tag).
<button dojoType="dijit.form.Button" class="soria" style="border: 1px solid black; float:right;" type="submit" onclick="username.value=sha256_hash(username.value);password.value=sha256_hash(password.value)">Login</button></td>
Generally when you send sensitive data, you have only to worry about password, so you can hash password and leave user as it.