>>The encryption happens server side and is really only intended to encrypt
>>variables that are passed to web client such as product id and stuff. The
only
>>way to do secure login and prevent sniffing is to use ssl which will
encrypt the
>>traffic to and from the client. I suppose javascript could be used to
fudge
>>encryption but that would be extremely weak way to do it. To protect
hidden
>>variables you will still need to use some form of server side encryption.
If you
>>have more than one hidden variable a good way is to put them in an array,
>>serialize it and encrypt the result and put that in a single hidden field.
It
>>would almost be impossible to interfere with those. Something like this:
Hmm.. Thanks for the answer.. This question was mainly asked because I was
paranoid about using Wifi to access my Yahoo Webmail.
No more accessing _anything_ private over wifi or rather.. I'll have to
re-think my password/privacy policy with regard to ssl/non ssl (http vs
https) sites..
Better be paranoid..
One other thing.. What's the difference in $$ for a site to be https rather
than http?? Cos you need to get a verisign cert or something?? Just
asking..
Cheers, .^.
Mun Heng, Ow /V\
H/M Engineering /( )\
Western Digital M'sia ^^-^^
DID : 03-7870 5168 The Linux Advocate
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
