I am just experimenting with some dynamic web projects and i'm a little unsure about security precautions. I'm also really not quite sure where to ask these questions in this forum (so I apologise if this is not the correct place to ask, although since security is something that covers both server and client sides, it doesn't quite fit into either category). I have experience with databases and web front ends but security is something that I am quite new too.
A project that I am working on currently has a members area with a login. I won't be handling any sensitive data so it seems that encryption is not necessary, my plan is to have user name and password authentication (where i intend to hash passwords and transmit these where the server will reference again a users table in a database. (hashing simply to not transmit these as plain text). My concern comes with logging in as an administrator, I intend to have an administrator front end that gives a lot of privileges (such as being able to delete users). Since this is a little bit more sensitive, and hashing passwords is not very secure, Is encrypting the only way to establish a highly secure way to transmit data? I have been looking into using sessions more carefully (i.e. not allowing external sessionID's for one example) but I cannot think of any way to protect data transmission from a man in the middle that doesn't involve encryption (which I know nothing at all about in terms of setting up) any suggestions??