- From: Alexander Mueller <alexm@gmx.at>
- Date: Thu, 10 Jan 2008 19:02:36 +0100
- To: Thomas Pike <thomasp@opera.com>, pjt47@cam.ac.uk
- Cc: public-html@w3.org
> I'd strongly suggest reading RFC2617[1] (specifically the section on Digest
> Access Authentication) which achieves exactly this through HTTP.

Although I am aware of the basic idea behind it, I have to admit I am not fully familiar with its complete functional scope, so please excuse me if I missed something. What happens if someone gains access to the server's hash database? Would this allow him to perform a login?

> This provides a relatively* secure method of authentication that at no point
> requires the storing or transmitting of password in plaintext.

That's what I'd be trying to accomplish with Hash Input as well.

Alexander
Received on Thursday, 10 January 2008 18:03:12 UTC
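The hash-database question above, worked through as an added example that is not part of the original message: under RFC 2617 the server keeps H(A1) = MD5(username:realm:password), and the request digest is computed from that value, so the stored hash has to be protected like the password within its realm. Function names are assumptions made for this sketch; the sample values are the ones from the RFC 2617 example exchange.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1_from_password(username, realm, password):
    """H(A1): what a Digest server stores in place of the plaintext password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """request-digest for qop=auth. The only secret input is H(A1)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1, method, fields):
    """Server-side check: recompute from the stored H(A1), compare in constant time."""
    expected = digest_response(stored_ha1, method, fields["uri"], fields["nonce"],
                               fields["nc"], fields["cnonce"], fields["qop"])
    return hmac.compare_digest(expected, fields["response"])


# Sample values from the RFC 2617 example exchange.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
REQUEST = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
}


def demo():
    stored = ha1_from_password(USER, REALM, PASSWORD)   # row in the hash database
    # A response built from the stored row alone, without the password.
    fields = dict(REQUEST)
    fields["response"] = digest_response(stored, "GET", fields["uri"], fields["nonce"],
                                         fields["nc"], fields["cnonce"], fields["qop"])
    accepted = server_verify(stored, "GET", fields)
    # The realm is part of H(A1), so the same row is useless for another realm.
    other_realm = ha1_from_password(USER, "other-realm@host.com", PASSWORD)
    return fields["response"], accepted, other_realm != stored


if __name__ == "__main__":
    print(demo())
```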