W3C home > Mailing lists > Public > public-html@w3.org > January 2008

Re: New Input type proposal

From: Alexander Mueller <alexm@gmx.at>
Date: Thu, 10 Jan 2008 19:02:36 +0100
Cc: public-html@w3.org
Message-ID: <20080110180236.66630@gmx.net>
To: Thomas Pike <thomasp@opera.com>, pjt47@cam.ac.uk

> 
> I'd strongly suggest reading RFC2617[1] (specifically the section on
> Digest 
> Access Authentication) which achieves exactly this through HTTP.

Although I am aware of the basic idea behind it, I have to admit I am not fully familiar with its complete functional scope, so please excuse if I missed something.

What happens if someone gains access to the server's hash database? Would this allow him to perform a login?

> 
> This provides a relatively* secure method of authentication that at no
> point 
> requires the storing or transmitting of password in plaintext.

Thats what I'd be trying to accomplish with Hash Input as well.

Alexander
-- 
Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten 
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
Received on Thursday, 10 January 2008 18:03:12 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:29 UTC