It's all  qualified.  As the first response to your question said, it
completely depends on what you want to do and how secure you want things to
be.  If you just use the <input type="password">  then your password will be
sent over the web in plain text.  That is only of any use for people looking
over the user's shoulder, but if that's all you think you need then go
ahead.  I would put it something like this:

Weak:

<input type="password"> only.  => no encryption. This should always be done
anyway.

MD5 (or other 1-way encryption) at server => plain text while in transit to
server but useless to hacker of your system.

MD5 in JavaScript => encrypted while being sent but the same hash can be
sent by others so not perfect.

SSL => Fully Encrypted connection between browser and server.

Strong:

Hopefully others will suggest other methods and add to my scale.
Andoni.
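The two middle rungs of the scale above, worked as an added example (not code from the original post or from Tomcat). It is Python rather than the Java a Tomcat webapp would use; the same calls exist in the JDK (SecretKeyFactory with "PBKDF2WithHmacSHA256", MessageDigest for MD5). In place of the bare MD5 the reply names, the server-side rung uses PBKDF2-HMAC-SHA256 with a per-user random salt and a high iteration count, which is the same idea (store only a one-way digest) in the form a defender would deploy today; the iteration count and the record format are this example's own choices. The last function shows why the "MD5 in JavaScript" rung is replayable: the server compares whatever digest arrives with the stored digest, so a captured digest is itself a working credential.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example; tune the iteration count to your hardware.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Server-side one-way hash. Returns a storable record of the form
    'iterations$salt_hex$digest_hex'; the plaintext is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt/iterations and compare in
    constant time. Someone who reads the record cannot recover the password."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def md5_hex(text: str) -> str:
    """The digest a client-side MD5 login form would send (constructed here)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def md5_client_style_login(presented_digest_hex: str,
                           stored_digest_hex: str) -> bool:
    """The 'MD5 in JavaScript' rung: the browser sends md5(password) and the
    server checks it against its stored md5(password). The comparison is done
    in constant time, but nothing about it stops replay: the digest that
    travelled over the wire is exactly what the server accepts, so it is a
    password-equivalent and must be protected like one (i.e. with SSL)."""
    return hmac.compare_digest(presented_digest_hex, stored_digest_hex)


if __name__ == "__main__":
    record = hash_password("correct horse")
    print("stored record:", record)
    print("right password accepted:", verify_password("correct horse", record))
    print("wrong password rejected:", not verify_password("wrong", record))
    stored = md5_hex("hunter2")           # what a client-side-MD5 server keeps
    captured = stored                     # what an observer on the wire sees
    print("captured digest logs in:", md5_client_style_login(captured, stored))
```

Storing a digest only protects the password against someone who reads the database; it does nothing for the password while it is in transit, which is the rung SSL addresses.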

----- Original Message -----
From: "RXZ JLo" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, November 22, 2002 9:50 AM
Subject: Re: storing passwords


> Thanks to all of you for the responses.
>
> apart from this password I will be storing some other
> things too (they too are passwords but for some other
> things in the application). I can't use one way hash as
> I can't use them further. what mechanism should I
> follow in this case?
>
> Also, for the login case should I bother about
> encryption in the login form? Can I just use
> <input type="password"/> and rely on the browser?
> What are the pros and cons for this? If you see yahoo
> login, they generate md5 using javascript on the
> client side itself - is this really necessary?
>
>
> Thanks again.
> rf
>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>

