It wont matter if it is sent in clear text because at that point you are over https/SSL. The entire stream is encrypted. I understand the need for using the existing system. I think LDAP does look like a good way to go.
-=>Adam<=- Quoting James Arthur <[EMAIL PROTECTED]>: > On Sunday 03 Feb 2002 17:43, Viper wrote: > > Well it depends what you want to do, Do they need to just get into the > app > > or do they need to have different access levels? If they dont need access > > levels just use htaccess that should work out fine. > > > > htaccess isn't secure enough, since it sends the password in plain text to > the server. Besides, the users already have accounts on the server, so it > would make more sense to authenticate against an existing system, like > IMAP/POP3. Doing that's easy enough, and also has the side effect that when > > they log in it tells them whether they have new mail or not. > > The problem is finding a way to enter login details that does not send the > password across the internet in plain text mode. The only way seems to use > SSL, but I don't know how to implement it. > > --jaa > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > ----------------------------------------- http://www.2ghz.net/ Welcome To the Future -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php