> Just FYI, the nav bar thingies and the unencrypted login page still > don't transmit your password in plaintext, even if there's no visible > encryption going on, unless you don't have Javascript enabled. The > login form uses JS to hash your password first, and only transmits > the hash, not the password itself. (LJ does this, too.) > > Not quite what you were asking for, but still!
OooOOooo. Very slick. I didn't know that. Thanks for mentioning it. Hmm. Does it do anything to protect against man-in-the-middle grabbing of the encrypted token? I seem to recall hearing that LJ does something elaborate to that end w/ JS (possibly dependent on HTTPS). -- Siderea _______________________________________________ dw-discuss mailing list [email protected] http://lists.dwscoalition.org/cgi-bin/mailman/listinfo/dw-discuss
