[drupal-devel] Securing Login: MD5 password hashing using javascript

Adrian Rossouw adrian at bryght.com
Tue Nov 8 17:45:53 UTC 2005

Hash: SHA1

On 08 Nov 2005, at 7:29 PM, Pat Collins wrote:

> On Tue, 8 Nov 2005 18:14:58 +0100, =?ISO-8859-1?Q?Konstantin_K=E4fer?=
> <kkaefer at gmail.com> wrote :
>> Hello,
>> Why should sending the password hashed increase security? Just get  
>> the
>> hashed password and provide that to the script (of course not by
>> entering it in the password field but by "faking" the HTTP POST
>> values).
>> The only way to protect the password is using SSL or TLS.
> True, but not everybody can use ssl/tls.  What about some kind of
> authentication checking where the site would keep track of where  
> you have
> logged in from and upon detection of a change would prompt you with a
> question that only you would know or send you an email that you  
> would have
> to respond to before you could gain access?
Like certain ISP's that change the ip of the user with ever request ?

'where you have logged in from' is mostly impossible to determine.

- --
Adrian Rossouw
Drupal developer and Bryght Guy
http://drupal.org | http://bryght.com

Version: GnuPG v1.2.4 (Darwin)


More information about the development mailing list