Re: Quick question, a little 0T i guess... BASIC_AUTH or forms

Hi guys,

Thank you for your responses and your input.

"At the end of the day the best way to secure data being transferred from 
client to server is to use SSL."

THAT I know ;) was just wondering from a normal http page... and you answered that question perfectly...so thanks again!

Would someone mind sending me that JavaScript in question? I don't think I will be using it, but I would like to have a look at it.

Cheers!
R


Stut <stuttle@xxxxxxxxx> wrote:

I think you meant to send this to the OP not me. And please also include 
the list in your replies.

Tijnema ! wrote:
> The best way is using an HTML form, and then adding a JavaScript, that 
> runs before submitting, that encrypts the password with md5.

This offers little more security than plain text. Your "encryption" 
mechanism is visible to the "bad guys", so all you've done is added an 
extra no-brainer hurdle for them to get over.

At the end of the day the best way to secure data being transferred from 
client to server is to use SSL.

-Stut

> On 3/4/07, *Stut* wrote:
> 
>     Ryan A wrote:
>      > Quick question, one of our sites already uses BASIC_AUTH to take
>     the username and pass from clients, we were thinking of instead
>     doing it via a login form (so we can also add a CAPTCHA later...if
>     needed)
>      >
>      > what I would like to know is, by using a login form instead of a
>     BASIC_AUTH are we compromising security in any way (for example if
>     someone is using a "sniffer") or does BASIC_AUTH have some kind of
>     extra inbuilt security that forms don't have that I am not aware of?
> 
>     Basic authentication offers no more security than a form - the login
>     details are sent as plain text using both methods.
> 
>     -Stut
> 
>     --
>     PHP General Mailing List (http://www.php.net/ )
>     To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

------
- The faulty interface lies between the chair and the keyboard.
- Creativity is great, but plagiarism is faster!
- Smile, everyone loves a moron. :-)
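
Added example, not part of the original thread: a Python sketch of what each of the three schemes discussed above (Basic auth, a form POST, and a form with client-side MD5) puts on the wire over plain HTTP, and why the MD5 digest ends up being the credential. The form field names `user` and `pass` and the sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

def basic_auth_header(user, password):
    """Authorization header a browser sends for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def read_basic_header(header):
    """Base64 is an encoding, not encryption: decoding needs no key."""
    _scheme, token = header.split(" ", 1)
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def form_body(user, password):
    """Body of a login form POST (field names are assumptions)."""
    return urlencode({"user": user, "pass": password})

def read_form_body(body):
    """The same values, URL-encoded, when the form is posted over plain HTTP."""
    fields = parse_qs(body)
    return fields["user"][0], fields["pass"][0]

def client_md5(password):
    """Value the proposed pre-submit JavaScript would send instead of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def server_accepts(stored_md5, submitted_md5):
    """Server side of the MD5 scheme: it can only compare digests."""
    return hmac.compare_digest(stored_md5, submitted_md5)

if __name__ == "__main__":
    user, password = "alice", "s3cret-Pa55"   # constructed sample values
    print(read_basic_header(basic_auth_header(user, password)))
    print(read_form_body(form_body(user, password)))
    on_wire = client_md5(password)             # visible to anyone on the path
    # The digest, not the password, is what the server checks, so the value
    # seen on the wire is itself sufficient to pass the check.
    print(on_wire, server_accepts(client_md5(password), on_wire))
```

In all three cases the value in transit is enough to log in, which is why the thread's answer is to protect the transport with SSL rather than to transform the password in the browser.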
 