hashes from the entries in a form:
so you would never have to pass passwords in clear text, as long as the hash
agrees with the one created server side, login is successful.
The PHPlib docs describe it better than me, but it works great.
----- Original Message -----
From: "Chris Withers" <[EMAIL PROTECTED]>
To: "albert boulanger" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, August 15, 2000 2:13 PM
Subject: Re: [Zope] Implementing a login form instead of BASIC
> albert boulanger wrote:
> > DIGEST seems good in that it is encrypted and uses the
> > Challenge/Response like BASIC for every HTTP transaction -- matched well
> > with the stateless nature of HTTP.
>
> AFAIK, no browsers (maybe Mozilla, but that has the stability of a house
> of cards ;-) support Digest and I'm pretty sure that Zope doesn't either
>
> > 1) One should encrypt the info in the cookie
> > 2) How does one get around the stateless nature of HTTP in secure way
> > cookies? In other words, unless the HTTP transaction is challenged
> > time, how do you really know that someone is not trying to slip into
> > existing session?
>
> Hehe, welcome to one of the biggest challenges on the web...
> ...that, and getting your CSS to be compatible with all the major
> browsers ;-)
> Zope maillist - [EMAIL PROTECTED]
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-dev )
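
An added example, not part of the original thread and not PHPlib's or Zope's own code: a hashed login of the kind described at the top of this message, written as a challenge-response so that a captured hash cannot be replayed. It assumes a per-login server nonce and HMAC-SHA256; every name in it is hypothetical and the user store is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample store: username -> SHA-256 of the password (assumption).
# In this scheme the stored hash is password-equivalent, so it must be
# protected like a password; a real deployment would also salt it.
USERS = {"albert": hashlib.sha256(b"correct horse").hexdigest()}
PENDING = {}  # outstanding challenges: nonce -> username


def issue_challenge(username):
    """Server: put a fresh one-time nonce into the login form."""
    nonce = secrets.token_hex(16)
    PENDING[nonce] = username
    return nonce


def client_response(password, nonce):
    """Browser side: hash the form entries so the password is never sent."""
    key = hashlib.sha256(password.encode()).hexdigest().encode()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


def verify(username, nonce, response):
    """Server: recompute the hash and compare; each nonce is accepted once."""
    if PENDING.pop(nonce, None) != username:
        return False  # unknown, already used, or issued to another user
    stored = USERS.get(username)
    if stored is None:
        return False
    expected = hmac.new(stored.encode(), nonce.encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)  # constant-time compare
```

Because the nonce is consumed on first use, a response captured on the wire does not log in a second time. This covers only the login step; the session cookie issued afterwards still needs its own protection, which is the question raised in the quoted reply.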