I wondered this too. We used IIS to limit acess to specific IP block of users, along with client and even server side encoding but even that can be compromised. I think any form of security needs to be looked at closely...them there hackers are a tricky bunch...and they don't share the same deadlines us application engineers do. ROn >From: Roy Henderson >To: php-windows@lists.php.net >Sent: 12/08/2003 2:49 PM >Maybe I'm missing something fairly fundamental, but I don't see how simply >sending an encoded password increases the security for a single site >scenario. > >Surely a hacker just has to capture the encoded password and submit that? > >( I can understand how it prevents the disclosure of the original plaintext >password which might also be valid at other sites which do not utilise >encoding and so prevents gaining access to several sites. I also understand >how it avoids the need to store plaintext passwords in a validation >database. ) > >Isn't SSL the only secure transport for any sensitive data? > >Waiting to be corrected ... > >Regards, > >Roy > > >-----Original Message----- >From: N.A.Morgan@bton.ac.uk [mailto:N.A.Morgan@bton.ac.uk] >Sent: 05 December 2003 12:07 >To: exiang@xullum.net; php-windows@lists.php.net >Subject: RE: md5 password with javascirpt > >Try this site: http://pajhome.org.uk/ for the MD5.js file. > >Lots of security tips and tricks. > >-----Original Message----- >From: Exiang [mailto:allentan@pd.jaring.my] >Sent: 05 December 2003 08:39 >To: php-windows@lists.php.net >Subject: md5 password with javascirpt > > >Hi, >question: how to encode a password in client side with javascipt.. > >thanx. > >regards, >exiang > >-- >PHP Windows Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > >-- >PHP Windows Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
