I'm creating a new device that act as a webserver and I need to send/receive username and password to authenticate commands (I'm using REST). But, since Arduino/ESP doesn't support SSL, what's the best way to protect my data against, for example, a sniffer that could grab my URL's and copy/paste modifying some values?
I know that I could hash my username/password......but this would be one time. And since 'hacker' could grab my data, they can simple copy/paste the hashed username/password and make new call's.....they simple doesn't need to know the real password, just copy/paste and send new requests. Anybody had this kind of problem?
With SSL (on Arduino web server), would be hard (not impossible) to grab these data/URL's.