I want to create a secure login, so I want to encrypt the password before I send it as POST parameter. I am doing it with a SHA1 javascript function.
Then I realize that if someone intercepts the encrypted password, he can use it right away. Sending it as a post parameter the same URL.
How can I be sure that the password comes from the login input field? Maybe with a PHP session? I don't want to use secure http yet. Anyone has a simple alternative?