Re: [PHP] Re: protecting passwords when SSL is not available

Satyam Mon, 27 Mar 2006 07:19:50 -0800

The php server sends it along the form. Which I said so:


"PHP will send a random number along with the login form. "

I don't see any problem sending that information to the client clear(unencrypted), but that's why I'm asking.


Satyam

----- Original Message -----From: "Barry" <[EMAIL PROTECTED]>

To: <php-general@lists.php.net>
Sent: Monday, March 27, 2006 3:36 PM
Subject: [PHP] Re: protecting passwords when SSL is not available

Satyam wrote:

b) concatenate this value with the session_id() or whatever random yougenerated before


And where do you get that information?

Barry
--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: protecting passwords when SSL is not available

Reply via email to