Peter Lauri wrote:
Best groupmember,
I am about to develop an simple admintool for a webpage. My webhost (crappy
but nonexpensive) does not support HTTPS and I still want to be able to
create some sort of secure login.
For the moment I am just using a form that sends the username and passwd
with
If you use the Autority HTTP that pops up a login window by default, is that
safe against listeners?
/Peter
Sebastian Mendel [EMAIL PROTECTED] skrev i meddelandet
news:[EMAIL PROTECTED]
Peter Lauri wrote:
Best groupmember,
I am about to develop an simple admintool for a webpage. My
Peter Lauri wrote:
If you use the Autority HTTP that pops up a login window by default, is that
safe against listeners?
IMHO, the login-data is sent as plain text also, and this with every
subsequent request! and not only with the first!
--
Sebastian Mendel
www.sebastianmendel.de www.warzonez.de
On 11/18/2004 10:23 AM, Peter Lauri wrote:
If you use the Autority HTTP that pops up a login window by default, is that
safe against listeners?
It depends on the authentication method. Basic authentication method
passes passwords as base64 encoded plain text. Digest and even NTLM are
safer
--- Peter Lauri [EMAIL PROTECTED] wrote:
If you use the Autority HTTP that pops up a login window by
default, is that safe against listeners?
Assuming you mean HTTP Basic Authentication, it is not encrypted, so it is
not safe from snooping.
Chris
=
Chris Shiflett - http://shiflett.org/
5 matches
Mail list logo
