Ok now I am confused. I have been getting advice from SO users on libraries to use with codeigniter for authentication. I have explored dx_auth and simpleloginsecure (I think I will use the latter due to its supposed secure hashing and small footprint).
BUT, what about hashing the password on the client side? I haven't seen any mention of this in the libraries' documentation. Regardless of how secure these libraries are, doesn't there need to be some client side encryption (js) so that passwords are never posted in plain text? Or am I missing something and these libraries somehow do cover this...
Thanks
Update: a couple answers below suggest SSL. However, I was under the impression that these php (codeigniter plugin) libraries were in lieu of SSL (was I completely mistaken here)? If I am mistaken, is there a secure way of accomplishing this without SSL? (In the past I have used a javascript md5 hash function to encrypt the password before posting it...but I was hoping for something more secure).
Update 2 Okay - so it seems like the consensus is that I should be using SSL. If this is the case, then what is the point of all those fancy php authentication libraries that perform all sorts of hashing. If SSL takes care of the encryption from the client to the server, then whats the point of using these libraries (dx_auth etc.. aside from maybe adding role capabilities)? Is it simply to ensure secure storage of the data on the server/database? (I would compare the level of sensitivity of the data on the project I am working on to that of stackoverflow..no credit cards or anything overly sensitive, just username, password etc.)