Hi, > but the password is put through my own fairly unbreakable > (yes.. I am serious) password key system.. > SO basically you'll end up with a nice 32 char string > which is QUITE safe to pass around and the chance anyone's > gonna decrypt it IMHO is about zilch, > And all you have to do, is when they login once, just run > the password they entered through this "algorithm" and > check it against the stored algo'd password..
Presumably you have a Javascript implementation of your algorithm, which runs on the login page - otherwise you'd just be transmitting the password in clear text from the browser to the server, right? If you don't do this, how do you deal with getting the password from the user to the server so you can authenticate them? If you do, how do you deal with people who have Javascript disabled? Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
