I'm going to try this:
http://plugins.jquery.com/project/sha256

On Sep 29, 6:18 pm, mdipierro <[email protected]> wrote:
> If not running over http, session.secure() will prevent sessions from
> working and login will not work.
>
> Hashing with a salt can easily be attacked.
>
> Massimo
>
> On Sep 29, 6:11 pm, "mr.freeze" <[email protected]> wrote:
>
> > Reddit seems to send a clear text password but Digg and a few others
> > seem to be hashing on the client using a token salt before sending.
> > I'm too cheap to pay for a unique IP and SSL so I will try that
> > first.
>
> > Question: Does session.secure do anything useful when *not* running
> > over https?
>
> > On Sep 29, 4:50 pm, mdipierro <[email protected]> wrote:
>
> > > I did not notice and that is bad.
>
> > > If your app uses authentication you should have
>
> > >      session.secure()
>
> > > and use HTTPS. The latter line will not accept session cookies
> > > without HTTPS.
>
> > > Massimo
>
> > > On Sep 29, 4:28 pm, "mr.freeze" <[email protected]> wrote:
>
> > > > What are sites like reddit.com doing to secure their logins?
> > > > Anything?  The login request goes over http according to firebug.  I'm
> > > > just wondering if my wiki site needs https for login or http is
> > > > acceptable or if there is another trick I can use.
>
> > > > Thanks!
> > > > Nathan
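
A check for the cookie behaviour discussed in this thread, added here as an example and not code from web2py or from any poster: it parses `Set-Cookie` header values and reports session cookies that lack the `Secure` attribute, and `Secure` cookies issued over plain http. The header values are constructed, and the cookie name `session_id_wiki` assumes an application called "wiki".

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie values (not captured from any real site).
# The cookie name and the session id value are assumptions for illustration.
SAMPLE_WITHOUT_SECURE = ["session_id_wiki=127-0-0-1-abc123; Path=/"]
SAMPLE_WITH_SECURE = ["session_id_wiki=127-0-0-1-abc123; Path=/; Secure"]


def audit_session_cookies(set_cookie_values, scheme, prefix="session_id_"):
    """Return (cookie_name, issue) pairs for one HTTP response.

    set_cookie_values: list of raw Set-Cookie header values.
    scheme: "http" or "https", the scheme the response was served over.
    """
    findings = []
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if not name.startswith(prefix):
                continue  # only session cookies are of interest here
            if not morsel["secure"]:
                # Without Secure the browser also sends the cookie over
                # plain http, where it can be read in transit.
                findings.append((name, "missing-secure"))
            elif scheme != "https":
                # A Secure cookie is never sent back over http, so the
                # session is lost on the next request and login fails.
                findings.append((name, "secure-over-http"))
    return findings


if __name__ == "__main__":
    for label, headers, scheme in [
        ("no Secure flag, http", SAMPLE_WITHOUT_SECURE, "http"),
        ("Secure flag, http", SAMPLE_WITH_SECURE, "http"),
        ("Secure flag, https", SAMPLE_WITH_SECURE, "https"),
    ]:
        print(label, "->", audit_session_cookies(headers, scheme) or "ok")
```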