Re: [whatwg] Passwords

Roger H├ągensen <> writes:

> Also http logins with plaintext transmission of passwords/passphrases 
> need to go away, and is a pet peeve of mine, I detest Basic 
> HTTP-Authentication which is plaintext.

Note that Basic Auth + HTTPS provides reliable transport security.

> Hashing the password (or passphrase) in the client is the right way to 
> go, but currently javascript is needed to make that possible.

Do you know about HTTP digest authentication?

Nils Dagsson Moskopp // erlehmann

Received on Friday, 17 October 2014 15:09:56 UTC