The php server sends it along the form. Which I said so:
"PHP will send a random number along with the login form. "
I don't see any problem sending that information to the client clear
(unencrypted), but that's why I'm asking.
Satyam
----- Original Message -----
From: "Barry" <barry@xxxxxxxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Monday, March 27, 2006 3:36 PM
Subject: Re: protecting passwords when SSL is not available
Satyam wrote:
b) concatenate this value with the session_id() or whatever random you
generated before
And where do you get that information?
Barry
--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
