how to encrypt username and password before transmit on client side

Yup , What suggested is true...

The HTTPs authentication type is mainly for encrypting..

This is an extract from the book i have which states how you can do that...

UNDERSTANDING AUTHENTICATION MECHANISMS

HTTPS Client authentication :

HTTPS is HTTP over SSL (Secure Socket Layer). SSL is a protocol developed by

Netscape to ensure the privacy of sensitive data transmitted over the Internet. In this

mechanism, authentication is performed when the SSL connection is established

between the browser and the server. All the data is transmitted in the encrypted form

using public-key cryptography, which is handled by the browser and the servlet container

in a manner that is transparent to the servlet developers. The exam doesn抰

require you to know the details of this mechanism.

Advantages

The advantages of HTTPS Client authentication are

?It is the most secure of the four types.

?All the commonly used browsers support it.

1 Actually, instead of the password, an MD5 digest of the password is sent. Please refer to RFC 1321 for

more information.

Disadvantages

The disadvantages of HTTPS Client authentication are

?It requires a certificate from a certification authority, such as VeriSign.

?It is costly to implement and maintain.

YogendraJ123a at 2007-7-13 4:53:40 >