Is there a fallback to normal auth possible if js is not running? I like the idea, but preventing someone who doesn't have js enabled to register/auth is pretty harsh.
On Sun, May 3, 2009 at 6:27 AM, Paul Johnston <paul....@gmail.com> wrote: > > Hi, > > Many web sites have a user name and password login system, and do not > use SSL. As a consequence, users' passwords are transmitted over the > internet unencrypted. This puts them at risk, particularly if the user > is on a shared ethernet segment, or open wireless network. > > For many years I have provided a JavaScript MD5 library (http:// > pajhome.org.uk/crypt/md5/), which can be used to perform a challenge- > response login. This avoids passwords being transmitted unencrypted, > although the security is not as strong as SSL. A number of web sites > currently use this technique; for some years Yahoo did, although they > now have SSL login. > > However, the use of JavaScript MD5 is not widespread. I think this is > because few authentication libraries support it. It is possible for a > library to provide JavaScript MD5 as an authentication mechanism, with > the details hidden from the application developer. In fact, it's quite > easy to implement, and there is a lot of guidance on my site. > > So, this is a call to the authors of all web authentication libraries. > Add JavaScript MD5 as an authentication mechanism. And then let me > know, so I can link to you from my site. If you need any help > implementing it, drop me a line, I'll do what I can. > > I think supporting this mode would be a big selling point for any > authentication library. And if support becomes widespread, the > internet becomes a little bit safer for everyone. > > Best wishes, > > Paul > > > > -- Adys --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
