Rene Veerman wrote:
Just for this case, where authentication of the server isn't an issue,
and things like deployment cost are,
i'd like to propose that we on this list look again at securing
login/pass through onewayHash functions, in an otherwise non-ssl
environment.
i hate to be a critic
yes there are situations like that but then it could just submit the form
(which would happen anyway) and check the plaintext password like normally
if the other mechanism fails. If people have js turned on it would simply
increase security a little. The crucial part is just the sending of the
pass
On Feb 16, 2009, at 6:11 AM, German Geek wrote:
Brilliant. Someone who understood my intentions :) It's not only a
good
exercise but also useful. Once done in PHP and various JS
frameworks, we
could port it to other languages. Would suggest to support as many
as we can
because they all hav
Brilliant. Someone who understood my intentions :) It's not only a good
exercise but also useful. Once done in PHP and various JS frameworks, we
could port it to other languages. Would suggest to support as many as we can
because they all have pros and cons. PHP first tho :) . Maybe just good old
j
Just for this case, where authentication of the server isn't an issue,
and things like deployment cost are,
i'd like to propose that we on this list look again at securing
login/pass through onewayHash functions, in an otherwise non-ssl
environment.
i hate to be a critic of the community her
5 matches
Mail list logo