All,

PHPlib (http://phplib.netuse.de)  has a piece of javascript that creates MD5
hashes from the entries in a form:

so you would never have to pass passwords in clear text, as long as the hash
agrees with the one created server side, login is successful.

the PHPlib docs describe it better than me, but it works great.

hth

Phil
[EMAIL PROTECTED]

----- Original Message -----
From: "Chris Withers" <[EMAIL PROTECTED]>
To: "albert boulanger" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, August 15, 2000 2:13 PM
Subject: Re: [Zope] Implementing a login form instead of BASIC
authentication


> albert boulanger wrote:
> > DIGEST seems good in that it is encrypted and uses the
> > Challange/Response like BASIC for every HTTP transaction -- matched well
> > with the stateless nature of HTTP.
>
> AFAIK, no browsers (maybe Mozilla, but that has the stability of a house
> of cards ;-) support Digest adn I'm pretty sure that Zope doesn't either
> :(
>
> >  1) One should encrypt the info in the cookie
>
> Definitely
>
> >  2) How does one get around the stateless nature or HHTP in secure way
using
> >     cookies? In other words, unless the HTTP transaction is challenged
every
> >     time, how do you really know that someone is not trying to slip into
an
> >     existing session?
>
> Hehe, welcome to one of the biggest challenges on the web...
>
> ...that, and getting your CSS to eb compatible with all the major
> browsers ;-)
>
> cheers,
>
> Chris
>
> _______________________________________________
> Zope maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )


_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to