[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WWW User authentication




  I just finished writing a cgi script to allow users to change their login
passwords via a webpage. I currently have the webpage being authenticated
with the basic option (uuencoded plaintext). MD5 would be nicer, but how
many browsers actually support it?

  When the user changes their password, the form sends their name, old
password, and new password with it, in the clear. This is no worse than
changing your password across a telnet connection, but I'd like it to be
more secure, but useable by a large number of browsers.

  Any advice?

    Brian

------- <[email protected]> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============