Curt Zirzow wrote:

On an advanced note, there are ways to protect a user's password on a
normal http connection.  The authentication program I helped develop
and use has the ability to make a hash of the password on the client side,
then send the hash value to the authentication script. The authentication
script never sees the password, just verifies the hash.

So, I can't sniff the password, but I can sniff the hash and then send the same one when I want access. This doesn't protect much until the user changes their password and I have to get their new hash.


--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

PHP|Architect: A magazine for PHP Professionals – www.phparch.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
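The exchange above, as an added example that is not part of the original thread or of the authentication program it mentions: a static client-side hash is accepted again when resent, while a server-issued one-time nonce makes a captured response useless. SHA-256, HMAC, the function names and the sample password are assumptions chosen for illustration.

```javascript
// Added illustration; all names and the sample password are constructed.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');
const same = (a, b) =>
  a.length === b.length && crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));

// The server stores only the hash of the password (constructed sample).
const storedHash = sha256('correct horse battery staple');

// Scheme 1: the client sends a static hash. The server compares it as-is.
function verifyStaticHash(receivedHash) {
  return same(receivedHash, storedHash);
}

// Scheme 2: the server issues a one-time nonce and the client answers
// with HMAC(hash, nonce). Each nonce is accepted once, then discarded.
const outstanding = new Set();
function issueNonce() {
  const nonce = crypto.randomBytes(16).toString('hex');
  outstanding.add(nonce);
  return nonce;
}
function clientResponse(password, nonce) {
  return hmac(sha256(password), nonce);
}
function verifyResponse(nonce, response) {
  if (!outstanding.delete(nonce)) return false; // unknown or already used
  return same(response, hmac(storedHash, nonce));
}

function demo() {
  const password = 'correct horse battery staple';
  // What crosses the wire in scheme 1, and what a later resend of it yields.
  const captured = sha256(password);
  const staticFirst = verifyStaticHash(captured);
  const staticReplay = verifyStaticHash(captured);

  // Scheme 2: the same captured (nonce, response) pair is sent twice,
  // then once more against a fresh nonce.
  const nonce = issueNonce();
  const response = clientResponse(password, nonce);
  const crFirst = verifyResponse(nonce, response);
  const crReplay = verifyResponse(nonce, response);
  const crReplayFresh = verifyResponse(issueNonce(), response);
  return { staticFirst, staticReplay, crFirst, crReplay, crReplayFresh };
}

console.log(demo());
```

The nonce only stops replay of a captured exchange: the stored hash is still a password-equivalent secret on the server, and nothing here protects the session that follows the login on a plain http connection.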


