You might want to take a look at using digest authentication, which sends a MD5 digest of the pasword instead of the actual password.
http://httpd.apache.org/docs/howto/auth.html > I have written some php-based internal systems for our users. Users are > required to authenticate to access this system, and their login > determines what they are allowed to do within the system. I am > concerned that their logging in with cleartext passwords is a security > risk. I work in a K-12 school enviroment, and many of these students > are rather devious and resourceful (as I was at that age :) ). My fear > is some bright student setting a sniffer up on my network and gleaning > passwords from it. > > I am wondering if any of you have had similar problems. What is a more > secure way for people to login? Is SSL an option, and if so, how do I > go about using it? Do I have to purchase a certificate? Or is there > some other option? Finally, should I be using .htaccess at all, or is > there a better way? Thank you in advance for your advice. -- ------SupplyEdge------- Greg Hunt 800-733-3380 x 107 [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
