> isn't secure, he or she could trie an dictionary or brute-force attack, but > is is more secure, and I think that's a good thing. You don't need a dictionary attack. You have a plain text equivalent which you can inject into a an HTTP request without knowing the actual password. > Another idea, maybe make something like a "checksum" value in the type > attribute in the <INPUT> tag, which takes a checksum of all data? This is definitely outside the scope of HTML. It's also already in MIME, upon which HTTP is based, although Content-MD5 is not in the HTTP specs that I've actually seen.Received on Saturday, 16 November 2002 07:37:01 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:49:29 GMT