Just to let you all know, I DID NOT WRITE THIS BIT OF CODE.
It is another Paul Johnston somewhere else in England.
Paul (CF Master) Johnston ;)
> -----Original Message-----
> From: BORKMAN Lee [mailto:[EMAIL PROTECTED]]
> Sent: 18 October 2000 23:59
> To: CF-Talk
> Subject: RE: Storing passwords in database as one way hash
>
>
> Hi all,
>
> The JavaScript code I am using is publicly available:
> /*
> * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
> * Digest Algorithm, as defined in RFC 1321.
> * Copyright (C) Paul Johnston 1999 - 2000.
> * See http://pajhome.org.uk/site/legal.html for details.
> */
>
> I must admit that I haven't tried it with a Mac browser, because that does
> not apply in our Intranet environment. No problem on PC and Linux, Netscape
> and IE.
>
> If JavaScript is disabled, then the password is sent in clear. What happens
> then depends on whether JavaScript was enabled when the password was
> originally set.
>
> Interesting,
> Lee (Bjork) Borkman
> http://bjork.net ColdFusion Tags by Bjork
>
>
> -----Original Message-----
> From: Dirk De Bock [mailto:[EMAIL PROTECTED]]
>
> Show us the code! :-)
>
> Or more politely, I'd love to have a look at that. Is this JavaScript code
> publicly available?
>
> Of course the effect is that the hash is sent across the wire instead of the
> clear text password, so it could still be sniffed I guess.
>
> ----- Original Message -----
> From: "BORKMAN Lee" <[EMAIL PROTECTED]>
> >
> > You can do better than hashing on the server side. I use a JavaScript MD5
> > hash on the client-side. This prevents the password being sent over the
> > network in clear, and alleviates the need for SSL in some circumstances.
> >
>
>
> ------------------------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
> with 'unsubscribe' in the body to [EMAIL PROTECTED]
>
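
Added example, not part of the original thread and not Paul Johnston's script: the point raised above, that the hash on the wire can still be sniffed, shown as a replay check against a server that compares a static client-side MD5, next to a nonce-based challenge-response for contrast. It uses Node's built-in `crypto` module instead of the md5.js from the thread; all function names and the sample password are constructed for illustration.

```javascript
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');
const hmac = (key, msg) =>
  crypto.createHmac('sha256', key).update(msg).digest('hex');

// Scheme from the thread: the browser sends MD5(password) and the server
// stores and compares exactly that value. Sample password is constructed.
const stored = md5('correct horse');

function staticHashLogin(valueFromWire) {
  return valueFromWire === stored;
}

// Contrast (assumed design, not from the thread): the server issues a
// one-time nonce and the client answers with HMAC(stored hash, nonce).
const outstanding = new Set();

function issueNonce() {
  const nonce = crypto.randomBytes(16).toString('hex');
  outstanding.add(nonce);
  return nonce;
}

function challengeLogin(nonce, response) {
  if (!outstanding.delete(nonce)) return false; // unknown or already used
  const expected = Buffer.from(hmac(stored, nonce), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length &&
    crypto.timingSafeEqual(got, expected);
}

function demo() {
  // The values a passive observer would record in each scheme.
  const wireStatic = md5('correct horse');
  const nonce = issueNonce();
  const wireChallenge = hmac(md5('correct horse'), nonce);
  const firstLogin = challengeLogin(nonce, wireChallenge);
  return {
    staticReplayAccepted: staticHashLogin(wireStatic), // hash acts as password
    challengeFirstLogin: firstLogin,
    challengeReplaySameNonce: challengeLogin(nonce, wireChallenge),
    challengeReplayNewNonce: challengeLogin(issueNonce(), wireChallenge),
  };
}

console.log(demo());
```

The contrast only covers replay of recorded traffic: in both schemes the stored hash remains a password equivalent on the server, and neither protects the login page or script from modification in transit, which is what SSL/TLS provides.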