It would be nice if I can use the SSL but I don't want to spend a lot of time on it on IIS. Beside part of that website is only for internal part for my company. Beside the end user wouldn't know where hte login link is anyway.
"Brent Baisley" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If you want to increase security then you really should use a secure > connection, then everything is encrypted as well as other security > measures. Even if you do encrypt the password you also need to establish > and track a session to make sure it's the same computer you are > communicating with, guarding against a hijacked connection. > Besides, using SSL is a heck of a lot easier. Just get a certificate for > the server and slap https:// on the front of the URL. I'll admit I > summarized the process a bit. > > > On Friday, January 10, 2003, at 11:12 AM, Scott Fletcher wrote: > > > I'll look into this and try it out. The only thing that is important > > to me > > is that the password get encrypted before transmitting across the > > internet. > > I'm not worry if the JS is disabled because if it is then the login will > > never be authenticated. I'll keep on exploring for way to increase > > security. > -- > Brent Baisley > Systems Architect > Landover Associates, Inc. > Search & Advisory Services for Advanced Technology Environments > p: 212.759.6400/800.759.0577 > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
