[development] Re: development Digest, Vol 35, Issue 28

David K Norman deekayen at deekayen.net
Thu Nov 10 15:58:19 UTC 2005


But if someone can sniff the password, there's a reasonable chance they
can also do a man in the middle attack to insert malicious javascript to
send the password in the clear anyway. It really seems like all you're
doing is confusing novice admins as to whether they'll need SSL or not
to protect communications.

> Message: 4
> Date: Wed, 9 Nov 2005 22:49:34 -0500
> From: Moshe Weitzman <weitzman at tejasa.com>
> Subject: Re: [development] Re: [drupal-devel] Securing Login: MD5
> 	password	hashing using javascript

> getting back to the topic, i'd love to see javascript hashing of  
> password. this is used in phpmyadmin and many other projects.
> 
> keyloggers have nothing to do with this. do folks think they are  
> being smart when they post 'but this won't stop a keylogger'? no  
> shit. that sort of post only serves to derail an otherwise useful  
> conversation. please resist the temptation.


More information about the development mailing list