Tuesday, January 17, 2012

Client Side Encryption Techniques

HTTPS is the obvious way to build a secure connection between client and server. Unfortunately, it may not be the answer for every web application: for one reason or another you cannot afford SSL, or it is not strictly necessary. Even without SSL, though, you can still add security one level up. Because most users reuse the same password for all their online accounts, those accounts are vulnerable: the same password may serve for online banking and for a simple web forum. Whoever captures the password used on a forum site can use that same password to access the victim's online banking account. For that reason you have to be especially careful when you connect to a public wireless network.
[Figure: client side encryption]
It is always possible to listen to the network and capture the packets sent and received between client and server. If your client's password travels to your server in plain text, it can be captured easily by anyone listening on the client's network. To protect the password you can use a cryptographic hash function such as MD5, SHA-1 or SHA-2. On the client side you hash the password and send the hash to the server for validation. On the server side, passwords must also be stored in your database as cryptographic hashes, so that the server compares two hashed strings: the one sent by the client and the one stored in the database. A string processed by a cryptographic hash function cannot be turned back into the original, which is why this solution is called one-way encryption.

As I said, this does not provide a comprehensively safe environment, but it does keep the password from being seen in plain text by watchers listening on your client's network.

Here you can find an open source JavaScript project that hashes plain text with cryptographic hash functions:
http://code.google.com/p/crypto-js/
