Michael O'Keefe wrote:
Even if you do it in flash, you'd have to ALSO encrypt the login with
SSL, otherwise you can tcpdump the interface and see the HTTP sent to
the server and get the variables that way
And I would just configure my browser to talk to a proxy in the clear
which would get the login in the clear anyhow. Or I could strace or gdb
the browser. Or access it with my own custom user agent which dumps such
information. Or... the possibilities are endless.
I think obfuscating the code or trying to hide form variables is all a
very bad idea and the original poster is wasting a lot of time just to
get a system which will be hard to debug and maintain.
--
Tracy R Reed http://ultraviolet.org
A: Because we read from top to bottom, left to right
Q: Why should I start my reply below the quoted text
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
