Hello, I'm using JDBC realms with Tomcat4.0 with a HTML form. My question is, does the password get sent over the internet in plain text format or is it hashed/encrypted/digested in some way?
A good idea would be to digest it together with a random variable and the session Id using Md5 for example. Otherwise the password will be sent over the internet in plain text format for any hacker to grab it... Thanks for any help -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
