W3C home > Mailing lists > Public > public-html@w3.org > January 2008

Re: New Input type proposal

From: Alexander Mueller <alexm@gmx.at>
Date: Thu, 10 Jan 2008 19:02:36 +0100
Cc: public-html@w3.org
Message-ID: <20080110180236.66630@gmx.net>
To: Thomas Pike <thomasp@opera.com>, pjt47@cam.ac.uk

> I'd strongly suggest reading RFC2617[1] (specifically the section on
> Digest 
> Access Authentication) which achieves exactly this through HTTP.

Although I am aware of the basic idea behind it, I have to admit I am not fully familiar with its complete functional scope, so please excuse if I missed something.

What happens if someone gains access to the server's hash database? Would this allow him to perform a login?

> This provides a relatively* secure method of authentication that at no
> point 
> requires the storing or transmitting of password in plaintext.

Thats what I'd be trying to accomplish with Hash Input as well.

Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten 
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
Received on Thursday, 10 January 2008 18:03:12 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:25 UTC