Hi, Many web sites have a user name and password login system, and do not use SSL. As a consequence, users' passwords are transmitted over the internet unencrypted. This puts them at risk, particularly if the user is on a shared ethernet segment, or open wireless network.
For many years I have provided a JavaScript MD5 library (http:// pajhome.org.uk/crypt/md5/), which can be used to perform a challenge- response login. This avoids passwords being transmitted unencrypted, although the security is not as strong as SSL. A number of web sites currently use this technique; for some years Yahoo did, although they now have SSL login. However, the use of JavaScript MD5 is not widespread. I think this is because few authentication libraries support it. It is possible for a library to provide JavaScript MD5 as an authentication mechanism, with the details hidden from the application developer. In fact, it's quite easy to implement, and there is a lot of guidance on my site. So, this is a call to the authors of all web authentication libraries. Add JavaScript MD5 as an authentication mechanism. And then let me know, so I can link to you from my site. If you need any help implementing it, drop me a line, I'll do what I can. I think supporting this mode would be a big selling point for any authentication library. And if support becomes widespread, the internet becomes a little bit safer for everyone. Best wishes, Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-devel" group. To post to this group, send email to pylons-devel@googlegroups.com To unsubscribe from this group, send email to pylons-devel+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/pylons-devel?hl=en -~----------~----~----~----~------~----~------~--~---
