Hello Austin,

On Sun, 2011-01-09 at 14:06 +0530, Austin Einter wrote:
> By checking a few packets' content I could figure out the user name and password in plain text.

This is an issue with *any* web application that connects over http. If this is a concern you should set up your webserver to use SSL (https) for such connections.

That said, personally I feel users choosing poor passwords is a much greater concern than someone being able to sniff those passwords on the internet. For the average bad guy, sniffing traffic on the internet requires much more effort than running a script that brute forces (weak) passwords.

You might want to look into the User Protect module. You can use this module to block users from changing their passwords.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research