0

I know its a duplicate question. But i don't know how to implement this in YII.

I need to encrypt the password before submitting the form values to controller. When we submitting the form the password field also travel as plain text only.

So its is easy to intercept and get the password value using tools like wireshark and Burp suite(in the bellow image i captured the entered password as plain text).

enter image description here

So, I searched about this and i found a solution for codeigniter. As of the solution by JLeft to use ssl. But, I don't know how to implement this in YII. Please suggest me any solution in YII or any alternative.

Community
  • 1
  • 1
Mahendran Sakkarai
  • 8,381
  • 6
  • 44
  • 66
  • Wireshark and other programs like that works on same network(wifi for example). It's not that case when it's needed(or it would be secured already in framework), if you scared - use ssl. Actually noone can catch your password from other network/device when form submitted, it can be done only with your device(if someone have access to it), or form network with packets interception. – ineersa Aug 13 '14 at 13:41
  • 1
    If it done from user device - it's user problem, not yours. From network fishing and packets interception - use ssl. – ineersa Aug 13 '14 at 13:44
  • Hello @ineersa . I followed this [link](http://www.yiiframework.com/wiki/407/url-management-for-websites-with-secure-and-nonsecure-pages/) to use ssl. Even though when i use burp suite it showing the password as plain text. Am i doing anything wrong? – Mahendran Sakkarai Aug 14 '14 at 12:31
  • It's only URLmanager for comfort work with links, you need to install certificate http://www.digicert.com/ssl-certificate-installation-apache.htm – ineersa Aug 14 '14 at 13:15

1 Answers1

0

You could echo the salt generated from Yii and use JS tool like https://code.google.com/p/crypto-js/ to encrypt the password

Simon Tsang
  • 68
  • 1
  • 10