m being recovered by anything short of a brute-force dictionary attack,
which nothing can prevent.
- Theo
-Original Message-
From: Papp Gyozo [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 24, 2001 5:59 AM
To: James Arthur; [EMAIL PROTECTED]
Subject: Re: [PHP] Most secure wa
|
| JavaScript doesn't implement any kind of one-way hashing. But that's for a
| good reason: suppose JavaScript encoded your password and sent it encoded to
| the server. The in-between hacker would retrieve the encoded password as it
| is sent to the server and simply pass that as the pa
As a side note, that's obviously the most insecure part of entering the
password because it's the only time you enter the password. :-)
> > The most insecure part of entering a password in a web
> > form is when you click "submit" and your password is
> > sent in plain text form to your next PHP
JavaScript doesn't implement any kind of one-way hashing. But that's for a
good reason: suppose JavaScript encoded your password and sent it encoded to
the server. The in-between hacker would retrieve the encoded password as it
is sent to the server and simply pass that as the password - he do
Hi
The most insecure part of entering a password in a web
form is when you click "submit" and your password is
sent in plain text form to your next PHP script.
Is there any way around this without using JavaScript?
How secure is it to use HTTP_AUTH?
Cheers
--jaa
__
5 matches
Mail list logo
