How to implement form-based authentification without SSL/TLS

Question

I am building a small website to learn web development.

I would like to have a secure authentication system. After some reading, it seems like there is no way to send the credentials to my server without SSL/TLS connection.

However, an SSL connection is not suitable for me for the following reasons:

It is complex;
It is (most likely) not free

Is there any alternative that I could use to handle authentification ?

More specifically, I would like a way to transfer the user credentials from a form in my html page to my server without it being easy to steal using packet sniffing.

Setup: Arch Linux (ARM), Nginx, NodeJS, Mongodb

*" After some reading, it seems like there is no way to send the credentials to my server without SSL/TLS connection"* That's correct. — Scott Marcus, May 27 '17 at 22:03
It _is_ the only way, and it can be free. Check out [letsencrypt](https://letsencrypt.org/) — Luca Kiebel, May 27 '17 at 22:04
For development purposes. What are self signed certificates. — Darkrum, May 27 '17 at 22:06
You need to provide more info like the hosting platform you're using. — Darkrum, May 27 '17 at 22:16

score 2 · Accepted Answer · answered May 27 '17 at 22:03

2

There is a free alternative called letsencrypt, which generates free tls certificates, have a look:

https://letsencrypt.org/

answered May 27 '17 at 22:03

DZDomi

1,685
15
13

1

This should be accepted! – Luca Kiebel May 27 '17 at 22:05
@LucaKiebel no it's not OP's requirements probably extended further then just needing a free certificate. He probably doesn't know how to set everything up. Running a http webserver is simple for most but if you're not familiar with https then there's a learning curve and even lets encrypt is not the most noob friendly thing out there. – Darkrum May 27 '17 at 22:11

How to implement form-based authentification without SSL/TLS

1 Answers1