SHA1 is *alot* more secure than base64? You can generate a non-trusted local certificate for development you may get some errors on browsers about security but thats ok ...
btw: why would you actually use https in your development environment? I would probably just use in my production ... or am I misunderstanding you? On Tue, Apr 22, 2008 at 7:12 AM, Paul Cowan <[EMAIL PROTECTED]> wrote: > Hi,We have a web application that where the username and password are stored > in the database.The password is stored as SHA1. We have just been through a > security audit which deemed SHA1 to be not the saftest encryption > algorithm.Is there any way we can update the passwords from SHA1 to base64?We > also need to have the transport running over https, how can we develop > against Https without purchasing a certificate? > Is there a [EMAIL PROTECTED] > _________________________________________________________________ > 100's of prizes to be won at BigSnapSearch.com > http://www.bigsnapsearch.com > =================================== > This list is hosted by DevelopMentor(R) http://www.develop.com > > View archives and manage your subscription(s) at http://discuss.develop.com > -- Studying for the Turing test =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
