9 Nov
2005
9 Nov
'05
4:39 p.m.
I agree that there's no substitute for SSL, and I also agree that some security is better than no security. As the author originally stated, this doesn't necessarily protect the current session (you can hijack a session by sniffing cookies anyway), but it protects against collecting passwords for other uses. Why can't this be done in contrib? On Nov 9, 2005, at 9:29 AM, Khalid B wrote:
Ber I agree with you that Javascript is not a solution. It gives a false sense of security and exposes the stored md5 hash of the password.
I also agree with you that SSL is the ultimate solution if one really needs security.
Allie Micka pajunas interactive, inc. http://www.pajunas.com scalable web hosting and open source strategies