The PHPLIB auth class has some code to do this. You might want to look there
for ideas. If I recall correctly, they sent a hidden random string along
with the form that was different on each request. They then did an md5 hash
of the post data concatenated with the random string.

> -----Original Message-----
> From: Erik Price [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, February 23, 2002 12:20 PM
> To: PHP
> Subject: [PHP] encryption and HTTP
> md5 hash or
> encrypt a string before sending it out as a POST request?
> It seems that without encrypting the data before sending it, it can
> still be intercepted. Once intercepted, it doesn't matter if I use
> md5() on the $_POST['password'] once it gets to the script, because
> anyone can submit the same intercepted string to the script via POST and
> it will be md5()ed when it gets there, thus defeating the purpose.
> Maybe I haven't quite wrapped my brain around a decent authentication
> scheme yet.
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
> [EMAIL PROTECTED]
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
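
The per-request challenge scheme described in the reply above, as an added example that is not part of the original post and is not PHPLIB's own code. The function names, the in-memory challenge store and the sample password are assumptions; md5 is used only because the thread names it.

```php
<?php
// Added illustration; all names here are hypothetical, not PHPLIB's API.
// md5 is kept to match the thread; a current design would use HMAC-SHA-256
// and would still send the form over TLS.

// Server: issue a fresh random challenge and remember it until it is used.
function issue_challenge(array &$pending): string {
    $challenge = bin2hex(random_bytes(16));
    $pending[$challenge] = true;
    return $challenge; // goes out in a hidden form field
}

// Client (script in the browser): hash the password with the challenge,
// so the password itself never appears in the POST body.
function client_response(string $password, string $challenge): string {
    return md5($password . $challenge);
}

// Server: accept a response once, and only for a challenge it issued.
// Note the server must hold the password (or an equivalent secret) to
// recompute the hash.
function verify_response(array &$pending, string $storedPassword,
                         string $challenge, string $response): bool {
    if (!isset($pending[$challenge])) {
        return false; // unknown or already-used challenge
    }
    unset($pending[$challenge]); // single use, whether or not the check passes
    return hash_equals(md5($storedPassword . $challenge), $response);
}

// Constructed sample data.
$pending = [];
$stored  = 'correct horse';

// Legitimate login.
$c1 = issue_challenge($pending);
$r1 = client_response('correct horse', $c1);
var_dump(verify_response($pending, $stored, $c1, $r1));

// The same intercepted POST submitted a second time.
var_dump(verify_response($pending, $stored, $c1, $r1));

// The intercepted hash submitted against a newly issued challenge.
$c2 = issue_challenge($pending);
var_dump(verify_response($pending, $stored, $c2, $r1));
```

Only the first call is accepted: the replayed POST fails because its challenge has been consumed, and the old hash does not match a new challenge.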