I think you meant to send this to the OP not me. And please also include
the list in your replies.
Tijnema ! wrote:
> The best way is using an HTML form, and then adding a JavaScript, that
> runs before submitting, that encrypts the password with md5.
This offers little more security than plain text. Your "encryption"
mechanism is visible to the "bad guys", so all you've done is added an
extra no-brainer hurdle for them to get over.
At the end of the day the best way to secure data being transferred from
client to server is to use SSL.
-Stut
On 3/4/07, *Stut* <stuttle@xxxxxxxxx> wrote:
Ryan A wrote:
> Quick question, one of our sites already uses BASIC_AUTH to take
> the username and pass from clients, we were thinking of instead
> doing it via a login form (so we can also add a CAPTCHA later...if
> needed)
>
> what I would like to know is, by using a login form instead of a
> BASIC_AUTH are we compromising security in any way (for example if
> someone is using a "sniffer") or does BASIC_AUTH have some kind of
> extra inbuilt security that forms don't have that I am not aware of?
Basic authentication offers no more security than a form - the login
details are sent as plain text using both methods.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
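
Added example, not part of the original thread: a Node.js script showing what each login scheme discussed above puts on an unencrypted connection (Basic auth, a plain form, and a form whose JavaScript sends md5 of the password). The account, the field names and the server-side comparison are assumptions made up for the illustration.

```javascript
// Added example (not from the thread). Account, field names and the server
// check are constructed for illustration.
const { createHash } = require("node:crypto");
const md5 = (s) => createHash("md5").update(s, "utf8").digest("hex");

const USER = "ryan";            // constructed sample account
const PASS = "correct horse";   // constructed sample password

// Hypothetical server for the "md5 in the browser" form: it stores md5(password)
// and can only compare that with whatever value the request carries.
const stored = new Map([[USER, md5(PASS)]]);
function serverAccepts(body) {
  const f = new URLSearchParams(body);
  return stored.has(f.get("user")) && stored.get(f.get("user")) === f.get("pass");
}

// The three login requests as they look on an unencrypted connection.
function basicAuthHeader(user, pass) {
  return "Basic " + Buffer.from(`${user}:${pass}`, "utf8").toString("base64");
}
function plainFormBody(user, pass) {
  return new URLSearchParams({ user, pass }).toString();
}
function hashedFormBody(user, pass) {
  return new URLSearchParams({ user, pass: md5(pass) }).toString();
}

// What anyone reading those bytes ends up holding.
function credentialOnWire(scheme, bytes) {
  if (scheme === "basic") {
    // Base64 is an encoding, not encryption: decoding gives back user:password.
    const decoded = Buffer.from(bytes.slice("Basic ".length), "base64").toString("utf8");
    const i = decoded.indexOf(":");
    return { user: decoded.slice(0, i), secret: decoded.slice(i + 1) };
  }
  const f = new URLSearchParams(bytes);
  return { user: f.get("user"), secret: f.get("pass") };
}

// In the md5 scheme the digest itself is what logs you in, so the wire value
// is sufficient without the password ever being recovered.
function wireValueIsLoginCredential() {
  const seen = credentialOnWire("form", hashedFormBody(USER, PASS));
  const resent = new URLSearchParams({ user: seen.user, pass: seen.secret }).toString();
  return seen.secret !== PASS && serverAccepts(resent);
}

console.log(credentialOnWire("basic", basicAuthHeader(USER, PASS)));
console.log(wireValueIsLoginCredential());
```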