Yeah the idea of php md5() hash is for data integrity, by taking a hash of some data and taking a hash of it later, allows you to compare the results and see if the data hash been changed, such as a database value.
You have to use some form of client side technology to pass variables encrypted. e.g. using Javascript or implementing SSL. U could always use Java applets. Muz "Erik Price" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Without using SSL or JavaScript, is there any way to make an md5 hash or > encrypt a string before sending it out as a POST request? > > It seems that without encrypting the data before sending it, it can > still be intercepted. Once intercepted, it doesn't matter if I use > md5() on the $_POST['password'] once it gets to the script, because > anyone can submit the same intercepted string to the script via POST and > it will be md5()ed when it gets there, thus defeating the purpose. > > Maybe I haven't quite wrapped my brain around a decent authentication > scheme yet. > > > Erik > > > > > > ---- > > Erik Price > Web Developer Temp > Media Lab, H.H. Brown > [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php