Maybe I'm missing something fairly fundamental, but I don't see how simply sending an encoded password increases the security for a single site scenario. Surely a hacker just has to capture the encoded password and submit that? ( I can understand how it prevents the disclosure of the original plaintext password which might also be valid at other sites which do not utilise encoding and so prevents gaining access to several sites. I also understand how it avoids the need to store plaintext passwords in a validation database. ) Isn't SSL the only secure transport for any sensitive data? Waiting to be corrected ... Regards, Roy -----Original Message----- From: N.A.Morgan@bton.ac.uk [mailto:N.A.Morgan@bton.ac.uk] Sent: 05 December 2003 12:07 To: exiang@xullum.net; php-windows@lists.php.net Subject: RE: md5 password with javascirpt Try this site: http://pajhome.org.uk/ for the MD5.js file. Lots of security tips and tricks. -----Original Message----- From: Exiang [mailto:allentan@pd.jaring.my] Sent: 05 December 2003 08:39 To: php-windows@lists.php.net Subject: md5 password with javascirpt Hi, question: how to encode a password in client side with javascipt.. thanx. regards, exiang -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
