php - how to secure POST method without using SSL?

Question

I'm developing website where user submit credentials using ajax,php and using POST method and i want to protect login credentials not in plain text but i don't want to use SSL can i secure password credentials without using SSL certificate ??

Can anyone give me working example of any method ?

Answer 1

You cannot completely secure the credentials without some out-of-channel verification (which SSL provides); a man in the middle attack will always be possible.

Put simply, there is no way for the client to be completely sure that they are talking to the server instead of a fake server inserted somewhere in between.