[development] Securing Login: MD5 password hashing using
javascript
Allie Micka
allie at pajunas.com
Wed Nov 9 15:39:27 UTC 2005
I agree that there's no substitute for SSL, and I also agree that
some security is better than no security. As the author originally
stated, this doesn't necessarily protect the current session (you can
hijack a session by sniffing cookies anyway), but it protects against
collecting passwords for other uses.
Why can't this be done in contrib?
On Nov 9, 2005, at 9:29 AM, Khalid B wrote:
> Ber I agree with you that Javascript is not a solution. It gives a
> false sense of security and exposes the stored md5 hash of the
> password.
>
> I also agree with you that SSL is the ultimate solution if one really
> needs security.
Allie Micka
pajunas interactive, inc.
http://www.pajunas.com
scalable web hosting and open source strategies
More information about the development
mailing list