You've tagged this question with the ssl tag, and SSL is the answer. Curious.

There are MD5 libraries available for javascript. Keep in mind that this solution will not work if you need to support users who do not have javascript available.

The more common solution is to use HTTPS. With HTTPS, SSL encryption is negotiated between your web server and the client, transparently encrypting all traffic.

You need a library that can encrypt your input on client side and transfer it to the server in encrypted form.

You can use following libs:

• jCryption. Client-Server asymmetric encryption over Javascript

Update after 3 years:

• Stanford Javascript Crypto Library

Update after 4 years (Wohoo!)

• CryptoJS - Easy to use encryption
• ForgeJS - Pretty much covers it all

Still not convinced? Neither am I :)

• OpenPGP.JS - Put the OpenPGP format everywhere - runs in JS so you can use it in your web apps, mobile apps & etc.

You can also simply use http authentication with Digest (Here some infos if you use Apache httpd, Apache Tomcat, and here an explanation of digest).

With Java, for interesting informations, take a look at :

• Understanding Login Authentication
• HTTP Digest Authentication Request & Response Examples
• HTTP Authentication Woes
• Basic Authentication For JSP Page (it's not digest, but I think it's an interesting source)

For a similar situation I used this PKCS #5: Password-Based Cryptography Standard from RSA laboratories. You can avoid storing password, by substituting it with something that can be generated only from the password (in one sentence). There are some JavaScript implementations.

This sort of protection is normally provided by using HTTPS, so that all communication between the web server and the client is encrypted.

The exact instructions on how to achieve this will depend on your web server.

The Apache documentation has a SSL Configuration HOW-TO guide that may be of some help. (thanks to user G. Qyy for the link)