[development] Securing Login: MD5 password hashing using javascript

Allie Micka allie at pajunas.com
Wed Nov 9 15:39:27 UTC 2005

I agree that there's no substitute for SSL, and I also agree that  
some security is better than no security.  As the author originally  
stated, this doesn't necessarily protect the current session (you can  
hijack a session by sniffing cookies anyway), but it protects against  
collecting passwords for other uses.

Why can't this be done in contrib?

On Nov 9, 2005, at 9:29 AM, Khalid B wrote:

> Ber I agree with you that Javascript is not a solution. It gives a
> false sense of security and exposes the stored md5 hash of the
> password.
> I also agree with you that SSL is the ultimate solution if one really
> needs security.

Allie Micka
pajunas interactive, inc.

scalable web hosting and open source strategies

More information about the development mailing list