[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WWW User authentication
Right now, the only solution I know of is to use cookies for browsers that
support them, and do all the MD5-ing yourself. That excludes some browsers,
but you can support those in the totally insecure manner.
On Tue, 9 Apr 1996, Brian C. Lane wrote:
>
> I just finished writing a cgi script to allow users to change their login
> passwords via a webpage. I currently have the webpage being authenticated
> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
> many browsers actually support it?
>
> When the user changes their password, the form sends their name, old
> password, and new password with it, in the clear. This is no worse than
> changing your password across a telnet connection, but I'd like it to be
> more secure, but useable by a large number of browsers.
>
> Any advice?
>
> Brian
>
> ------- <[email protected]> -------------------- <http://www.aa.net/~blane> -------
> Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
> ============== 11 99 3D DB 63 4D 0B 22 15 DC 5A 12 71 DE EE 36 ============
>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer [email protected]
The ForeQuest Company http://www.forequest.com/
"less is more."
-- Mies van de Rohe.
Ken Thompson has an automobile which he helped design. Unlike most
automobiles, it has neither speedometer, nor gas gage, nor any of the
numerous idiot lights which plague the modern driver. Rather, if the
driver makes any mistake, a giant "?" lights up in the center of the
dashboard. "The experienced driver", he says, "will usually know
what's wrong."
-- 'fortune` output