Ryan A wrote:
Quick question, one of our sites already uses BASIC_AUTH to take the username and pass from clients, we were thinking of instead doing it via a login form (so we can also add a CAPTCHA later...if needed) what I would like to know is, by using a login form instead of a BASIC_AUTH are we comprimising security in any way (for example if someone is using a "sniffer") or does BASIC_AUTH have some kind of extra inbuilt security that forms dont have that I am not aware of?
Basic authentication offers no more security than a form - the login details are sent as plain text using both methods.
-Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php