Hi all,
The JavaScript code I am using is publicly available:
/*
* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Copyright (C) Paul Johnston 1999 - 2000.
* See http://pajhome.org.uk/site/legal.html for details.
*/
I must admit that I haven't tried it with a Mac browser, because that does
not apply in our Intranet environment. No problem on PC and Linux, Netscape
and IE.
If JavaScript is disabled, then the password is sent in clear. What happens
then depends on whether JavaScript was enabled when the password was
originally set.
Interesting,
Lee (Bjork) Borkman
http://bjork.net ColdFusion Tags by Bjork
-----Original Message-----
From: Dirk De Bock [mailto:[EMAIL PROTECTED]]
Show us the code! :-)
Or more politely, I'd love to have a look a that. Is this javascript code
publicly available?
Of course the effect is that the hash is sent across the wire instead of the
clear text password, so it could still be sniffed I guess.
----- Original Message -----
From: "BORKMAN Lee" <[EMAIL PROTECTED]>
>
> You can do better than hashing on the server side. I use a JavaScript MD5
> hash on the client-side. This prevents the password being sent over the
> network in clear, and alleviates the need for SSL in some circumstances.
>
IMPORTANT NOTICE:
This e-mail and any attachment to it is intended only to be read or used by
the named addressee. It is confidential and may contain legally privileged
information. No confidentiality or privilege is waived or lost by any
mistaken transmission to you. If you receive this e-mail in error, please
immediately delete it from your system and notify the sender. You must not
disclose, copy or use any part of this e-mail if you are not the intended
recipient. The RTA is not responsible for any unauthorised alterations to
this e-mail or attachment to it.
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
