m being recovered by anything short of a brute-force dictionary attack,
which nothing can prevent.
- Theo
-Original Message-
From: Papp Gyozo [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 24, 2001 5:59 AM
To: James Arthur; [EMAIL PROTECTED]
Subject: Re: [PHP] Most secure wa
|
| JavaScript doesn't implement any kind of one-way hashing. But that's for a
| good reason: suppose JavaScript encoded your password and sent it encoded to
| the server. The in-between hacker would retrieve the encoded password as it
| is sent to the server and simply pass that as the pa
As a side note, that's obviously the most insecure part of entering the
password because it's the only time you enter the password. :-)
> > The most insecure part of entering a password in a web
> > form is when you click "submit" and your password is
> > sent in plain text form to your next PHP
JavaScript doesn't implement any kind of one-way hashing. But that's for a
good reason: suppose JavaScript encoded your password and sent it encoded to
the server. The in-between hacker would retrieve the encoded password as it
is sent to the server and simply pass that as the password - he do
4 matches
Mail list logo
