It wont matter if it is sent in clear text because at that point you are over 
https/SSL. The entire stream is encrypted. I understand the need for using the 
existing system. I think LDAP does look like a good way to go. 


Quoting James Arthur <[EMAIL PROTECTED]>:

> On Sunday 03 Feb 2002 17:43, Viper wrote:
> > Well it depends what you want to do, Do they need to just get into the
> app
> > or do they need to have different access levels? If they dont need access
> > levels just use htaccess that should work out fine.
> >
> htaccess isn't secure enough, since it sends the password in plain text to 
> the server. Besides, the users already have accounts on the server, so it 
> would make more sense to authenticate against an existing system, like 
> IMAP/POP3. Doing that's easy enough, and also has the side effect that when
> they log in it tells them whether they have new mail or not.
> The problem is finding a way to enter login details that does not send the 
> password across the internet in plain text mode. The only way seems to use 
> SSL, but I don't know how to implement it.
> --jaa
> -- 
> PHP General Mailing List (
> To unsubscribe, visit:

Welcome To the Future

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to