The PHPLIB auth class has some code to do this. You might want to look there
for ideas. If I recall correctly, they sent a hidden random string along
with the form that was different on each request. They then did an md5 hash
of the post data concatenated with the random string.

Kirk

> -----Original Message-----
> From: Erik Price [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, February 23, 2002 12:20 PM
> To: PHP
> Subject: [PHP] encryption and HTTP
> 
> 
> Without using SSL or JavaScript, is there any way to make an md5 hash or
> encrypt a string before sending it out as a POST request?
> 
> It seems that without encrypting the data before sending it, it can
> still be intercepted.  Once intercepted, it doesn't matter if I use
> md5() on the $_POST['password'] once it gets to the script, because
> anyone can submit the same intercepted string to the script via POST and
> it will be md5()ed when it gets there, thus defeating the purpose.
> 
> Maybe I haven't quite wrapped my brain around a decent authentication 
> scheme yet.
> 
> 
> Erik
> 
> ----
> 
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
> [EMAIL PROTECTED]
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
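
The per-request random string described in the reply above, sketched as an added example; this is not PHPLIB's code and not part of the original thread. It uses HMAC-SHA-256 in place of the md5 concatenation mentioned above, and shows why a captured POST is useless once its challenge has been consumed. Function names, the array standing in for the server-side session, and the shared secret are all assumptions made for illustration.

```php
<?php
// Added illustration. All names are hypothetical, not PHPLIB's API.
// $session stands in for server-side session storage so this runs from the CLI.

// Server: issue a fresh random challenge and remember it for this session.
// The returned value is what would go into the hidden form field.
function issue_challenge(array &$session): string {
    $session['challenge'] = bin2hex(random_bytes(16));
    return $session['challenge'];
}

// Client side of the exchange: combine the secret with the challenge.
// In a browser this step needs script support; the secret itself is never sent.
function client_response(string $secret, string $challenge): string {
    return hash_hmac('sha256', $challenge, $secret);
}

// Server: check the response against the outstanding challenge.
// The challenge is discarded on every attempt, so it can be used only once.
function verify_response(array &$session, string $secret, string $response): bool {
    $challenge = $session['challenge'] ?? null;
    unset($session['challenge']);
    if ($challenge === null) {
        return false; // no outstanding challenge: nothing to verify against
    }
    // Constant-time comparison of expected and submitted values.
    return hash_equals(client_response($secret, $challenge), $response);
}

// --- Constructed demo values ---
$session = [];
$secret  = 'constructed-shared-secret'; // value the server holds for this user

$challenge = issue_challenge($session);
$captured  = client_response($secret, $challenge); // what an eavesdropper would see

echo "first submission:            ";
var_dump(verify_response($session, $secret, $captured));

echo "same POST replayed:          ";
var_dump(verify_response($session, $secret, $captured));

issue_challenge($session); // next page load gets a different random string
echo "replay against new challenge: ";
var_dump(verify_response($session, $secret, $captured));
```

The value the server keeps for the user is itself sufficient to compute a valid response, so it needs the same protection as a plaintext password.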
