8 Nov 2005, 6:29 p.m.
On Tue, 8 Nov 2005 18:14:58 +0100, Konstantin Käfer <kkaefer@gmail.com> wrote:
> Hello,
> Why should sending the password hashed increase security? Just get the hashed password and provide that to the script (of course not by entering it in the password field but by "faking" the HTTP POST values).
> The only way to protect the password is using SSL or TLS.
True, but not everybody can use SSL/TLS. What about some kind of authentication checking where the site would keep track of where you have logged in from and upon detection of a change would prompt you with a question that only you would know or send you an email that you would have to respond to before you could gain access?

Pat
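
Added example, not part of the original thread: a small Python model of the two points above, showing that a server which accepts a client-side hash treats that hash as the password, and how the origin check proposed in the reply responds when the same value arrives from an address it has not seen. SHA-256, the function names, the account and the addresses are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: one account, stored the way the thread describes
# (the server keeps the same hash that the login form would send).
PASSWORD = "correct horse"  # constructed
USERS = {"pat": hashlib.sha256(PASSWORD.encode()).hexdigest()}
KNOWN_ORIGINS = {"pat": {"192.0.2.10"}}  # addresses already seen per user


def client_post(password):
    """Value a hashing login form would place in the POST body (hypothetical)."""
    return hashlib.sha256(password.encode()).hexdigest()


def login_hash_only(user, posted_hash):
    """Scheme 1: the posted hash is the credential, so whoever holds it logs in."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, posted_hash)


def login_with_origin_check(user, posted_hash, origin, answered_challenge=False):
    """Scheme 2: same check, plus a challenge when the origin is new."""
    if not login_hash_only(user, posted_hash):
        return "denied"
    seen = KNOWN_ORIGINS.setdefault(user, set())
    if origin in seen:
        return "granted"
    if not answered_challenge:
        # Secret question or e-mail confirmation is still outstanding.
        return "challenge"
    seen.add(origin)  # remember the origin once the challenge is passed
    return "granted"


if __name__ == "__main__":
    observed = client_post(PASSWORD)  # what travels over plain HTTP
    print(login_hash_only("pat", observed))
    print(login_with_origin_check("pat", observed, "192.0.2.10"))
    print(login_with_origin_check("pat", observed, "198.51.100.7"))
```

The origin check only helps when the replayed value comes from an address the site has not recorded; without SSL/TLS the posted hash itself is still readable in transit.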