That's no solution, as now the one-way hash can be snooped and hijacked. You win absolutely nothing but wasted effort.
> -----Original Message-----
> From: Durham David Cntr 805CSS/SCBE [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 9, 2002 16:30
> To: Tomcat Users List
> Subject: RE: SSL just for a login page
>
> 2) After a successful login, (still ssl, don't put anything
> session yet) pass the user's ID and a one-way hashed version
> of their password to a non ssl page that authenticates this
> information and sets up their session.
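An added example, not part of the thread, illustrating the objection above: a handoff page that accepts the user's ID plus a one-way hash of the password accepts that same pair every time it is presented, so the hash works as the password. The user store, function names and the `OneTimeHandoff` contrast are hypothetical; a single-use token only limits replay and still travels unencrypted, as does the session that follows it.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample store: user ID -> one-way hash of the password.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def handoff_static_hash(user, pw_hash):
    """Quoted step 2: the non-SSL page authenticates user ID + password hash."""
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(expected, pw_hash)


class OneTimeHandoff:
    """Hypothetical contrast: random server-issued token, single use, short TTL."""

    def __init__(self, ttl=30):
        self.ttl = ttl
        self._pending = {}  # token -> (user, expiry time)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[token] = (user, now + self.ttl)
        return token

    def redeem(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(token, None)  # consumed on first use
        if entry is None:
            return None
        user, expires = entry
        return user if now <= expires else None


def demo():
    # What travels over plain HTTP in the quoted scheme (constructed values).
    captured = ("alice", USERS["alice"])
    # The same captured pair authenticates on every later presentation.
    static_results = [handoff_static_hash(*captured) for _ in range(3)]
    handoff = OneTimeHandoff()
    token = handoff.issue("alice", now=0)
    first = handoff.redeem(token, now=1)   # legitimate redirect
    second = handoff.redeem(token, now=2)  # same token presented again
    return static_results, first, second


if __name__ == "__main__":
    print(demo())
```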