JavaScript doesn't implement any kind of one-way hashing. But that's for a good reason: suppose JavaScript encoded your password and sent it encoded to the server. The in-between hacker would retrieve the encoded password as it is sent to the server and simply pass that as the password - he doesn't ever need to know your undencoded password to break in, since the server expects it to be encoded anyway!
So you're only left with SSL for proper security... HTTP_AUTH is just another way of sending the unsername and password as plain text -- it's just more comfortable to use than checking if you have proper credeintials in every page. My personal recommendation is to forget about HTTP_AUTH and use SSL plus phplib for proper security. Bogdan > Hi > > The most insecure part of entering a password in a web > form is when you click "submit" and your password is > sent in plain text form to your next PHP script. > > Is there any way around this without using JavaScript? > How secure is it to use HTTP_AUTH? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
