|
HJB 10/14/2018 |
|
... you need to install a security certificate, say, to finally own HTTPS instead of only HTTP ... |
|
|
Admin 10/15/2018 |
|
Needs to be HTTPS. |
|
|
D
|
ding author 10/15/2018 |
|
many thanks for your prompt reply. The problem for me is that i can not use HTTPS. So i want to konw how to protect the user and his password under the HTTP,instead of the HTTPS system. |
|
|
|
HJB 10/15/2018 |
|
... a kind of workaround could be to instruct the user (if safety of login credentials over HTTP really matters to the user) to run the CHANGE PASSWORD button every time after having been logging out and to keep the NEW one for the next new login, repeating the CHANGE PASSWORD feature over and over again ..., HOWEVER, this is mostly regarded to be very uncomfortable in the user's eyes, however, due to web technical laws, comparably speaking, you cannot mount wings unto a turtle to get it to be able to fly. |
|
|
|
Admin 10/15/2018 |
|
You cannot really do that if you use HTTP. Encryption in Javascript won't work. What is encrypted in Javascript can be decrypted in Javascript as well, very easily. |
|
|
|
HJB 10/15/2018 |
|
Biggest problem is TWILIO, say, they only start listening as off 1m users which is far out of reach, making it more than difficult for small scale ones or start-ups at all. We here in Germany have a solution provider for small scale VoIP based SMS based two-token authentication requiring users via PHPRunner and contacted them fews days ago, in the aim to show them the market, but much to our surprise, they remained silent, most probably due to the fact that they are totally unaware of the worldwide market demand anyway, so, the problem is not really that NO affordable solutions outside TWILIO or else would be around, but "Poverty starts in the head" in regard to some competitors anyway. |
|