Greets,
I have played around with cURL to attempt to solve a security problem. I have a login page where a user specifies their login name and password in a form. I POST the form to the server from the browser, which sends that data in cleartext (bad).
I am looking for a solution where I can post the data over a secure socket from the user's browser without having the user enter https:// to have the browser session in SSL mode.
I tried using cURL to post to an https:// site, but of course, the user has to POST their credentials to the server for cURL to operate on it. So, this is a moot point :-)
Are there any suggestions for solving this problem? Should I just rely on the browser being in https:// mode for the login page? Is there a more "behind-the-scenes" solution where the user is not exposed to certificates, etc. The reason I ask is because ALL I need is for the user name and password to be secured on the network at all times, but the pages they are viewing do not need the SSL security.
Cheers,
Jason
