Newbie here. I've created a user login form in HTML/JS to send a user name and password to a PHP script for authentication.
But I don't understand what is the security best practice for sending the password to the PHP. Is the password sent in plain text? Despite using HTTPS, that would make me nervous. Or is the password somehow encrypted before sending it out and decrypted by the PHP. If so, what is the industry standard technique?
Just trying to understand security best practice.