We use challenge-response authentication with our Flex app. It's pretty easy to implement, but for some reason it isn't done much in web applications. Provides for secure authentication without requiring HTTPS.
I outlined the detailed steps (with challenge-response plus storing hashed password in db) here on the Fluorine mailing lists. http://www.nabble.com/Protection-of-User-Password-Information-to15454614.html#a15454617 We use ASP.NET with Fluorine so session support is automatic. HTH, Sam On Wed, Apr 23, 2008 at 2:06 AM, timgerr <[EMAIL PROTECTED]> wrote: > I was wondering how people create a secure login system. Do you use a > php back end or what? How do you handle sessions and or cookies? > > Thanks for the info, > timgerr > > > ----------------------------------------------------------------- We're Hiring! Seeking passionate Flex, C#, or C++ (RTSP, H264) developer. Position is in the Washington D.C. metro area. Contact [EMAIL PROTECTED]