I'm trying to develop a security layer between a web client (HTML) and a server. Due to technical limitations HTTPS can't be enabled.
How can I secure the server so that only requests from trusted sources are processed?
I have looked into Nimbus SRP but a password would have to be stored in the client side and thus being visible for inspection.