by anything short of a brute-force dictionary attack,
which nothing can prevent.
- Theo
-Original Message-
From: Papp Gyozo [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 24, 2001 5:59 AM
To: James Arthur; [EMAIL PROTECTED]
Subject: Re: [PHP] Most secure way to send a password
|
| JavaScript doesn't implement any kind of one-way hashing. But that's for a
| good reason: suppose JavaScript encoded your password and sent it encoded to
| the server. The in-between hacker would retrieve the encoded password as it
| is sent to the server and simply pass that as the
Hi
The most insecure part of entering a password in a web
form is when you click submit and your password is
sent in plain text form to your next PHP script.
Is there any way around this without using JavaScript?
How secure is it to use HTTP_AUTH?
Cheers
--jaa
JavaScript doesn't implement any kind of one-way hashing. But that's for a
good reason: suppose JavaScript encoded your password and sent it encoded to
the server. The in-between hacker would retrieve the encoded password as it
is sent to the server and simply pass that as the password - he
As a side note, that's obviously the most insecure part of entering the
password because it's the only time you enter the password. :-)
The most insecure part of entering a password in a web
form is when you click submit and your password is
sent in plain text form to your next PHP
5 matches
Mail list logo
