That is a good suggestion.. Using SSL to perform "sensitive" logins.. and then using some sort of "hidden" or "encrypted" passwords in your sessions should provide a nice level of security and comfort..

:::::::::::::::::::::::::::::::::::::::::::
: Julien Bonastre [The-Spectrum.org CEO]
: A.K.A. The_RadiX
: [EMAIL PROTECTED]
: ABN: 64 235 749 494
: QUT Student :: 04475739
:::::::::::::::::::::::::::::::::::::::::::

----- Original Message -----
From: "Brian McGarvie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 04, 2002 12:12 AM
Subject: RE: [PHP] Secure user authentication

another option is to use SSL for the login page/sensitive parts of the site that deal with any transfer of 'sensitive' data?

-----Original Message-----
From: Jon Haworth [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2002 15:08
To: 'The_RadiX'; [EMAIL PROTECTED]
Subject: RE: [PHP] Secure user authentication

Hi,

> but the password is put through my own fairly unbreakable
> (yes.. I am serious) password key system..

> SO basically you'll end up with a nice 32 char string
> which is QUITE safe to pass around and the chance anyone's
> gonna decrypt it IMHO is about zilch,

> And all you have to do, is when they login once, just run
> the password they entered through this "algorithm" and
> check it against the stored algo'd password..

Presumably you have a Javascript implementation of your algorithm, which runs on the login page - otherwise you'd just be transmitting the password in clear text from the browser to the server, right?

If you don't do this, how do you deal with getting the password from the user to the server so you can authenticate them? If you do, how do you deal with people who have Javascript disabled?

Cheers
Jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
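
The flow discussed in this thread (login submitted over SSL, the entered password checked on the server against a stored hash), as an added example that is not code from any of the posters. It uses PHP's built-in `password_hash()`/`password_verify()` rather than the custom algorithm mentioned above; the function names, the in-memory user store and the sample requests are constructed for illustration.

```php
<?php
// Added example; function names and the user store are hypothetical.

// Constructed user store standing in for a database table of password hashes.
function demo_users(): array {
    return ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// True only when the request arrived over SSL/TLS.
function request_is_https(array $server): bool {
    $https = $server['HTTPS'] ?? '';
    return $https !== '' && strtolower((string)$https) !== 'off';
}

function handle_login(array $server, array $post, array &$session, array $users): string {
    if (!request_is_https($server)) {
        return 'refused: submit the login form over HTTPS';
    }
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass)) {
        return 'denied';
    }
    // Unknown users are checked against a throwaway hash so both paths do similar work.
    $known = array_key_exists($user, $users);
    $stored = $known ? $users[$user] : password_hash('placeholder', PASSWORD_DEFAULT);
    if (!password_verify($pass, $stored) || !$known) {
        return 'denied';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID after login
    }
    $session = ['user' => $user, 'since' => time()]; // no password or hash kept here
    return 'ok';
}

// Constructed requests: cleartext, wrong password, correct password over HTTPS.
$users = demo_users();
$cases = [
    [[], ['username' => 'alice', 'password' => 'correct horse']],
    [['HTTPS' => 'on'], ['username' => 'alice', 'password' => 'guess']],
    [['HTTPS' => 'on'], ['username' => 'alice', 'password' => 'correct horse']],
];
foreach ($cases as [$server, $post]) {
    $session = [];
    echo handle_login($server, $post, $session, $users), ' ', json_encode(array_keys($session)), "\n";
}
```

Because the comparison happens on the server, this version needs no JavaScript in the browser; the HTTPS check is what keeps the submitted password off the wire in clear text.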