another option is to use SSL for the login page/sensitive parts of the
site that deal with any transfer of 'sensitive' data?

-----Original Message-----
From: Jon Haworth [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2002 15:08
Subject: RE: [PHP] Secure user authentication


> but the password is put through my own fairly unbreakable 
> (yes.. I am serious) password key system..
> SO basically you'll end up with a nice 32 char string 
> which is QUITE safe to pass around and the chance anyone's 
> gonna decrypt it IMHO is about zilch,
> And all you have to do, is when they login once, just run 
> the password they entered through this "algorithm" and 
> check it against the stored algo'd password..

Presumably you have a Javascript implementation of your algorithm, which
runs on the login page - otherwise you'd just be transmitting the
in clear text from the browser to the server, right? 

If you don't do this, how do you deal with getting the password from the
user to the server so you can authenticate them? 

If you do, how do you deal with people who have Javascript disabled?


PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to