Secure Plain Text Authentication in PHP using SCRAM
In today’s world, a secure authentication mechanism for web sites is an absolute necessity. Hackers and script kiddies love to hijack accounts in any way possible. In some cases hackers are even compromising entire databases, which is the last thing a developer wants to be held responsible for.
Today, I will be showing you a mechanism that not only secures the passwords held in your databases, but also secures the authentication process itself from prying eyes. Enter SCRAM. While it’s impossible to completely prevent a man-in-the-middle attack, utilizing SCRAM will certainly make it exponentially more difficult. For a site that isn’t running e-commerce, I believe this is a much more cost-effective solution than an SSL certificate.