Re: [whatwg] Passwords

Roger Hågensen <rescator@emsai.net> writes:

> Also HTTP logins with plaintext transmission of passwords/passphrases 
> need to go away, and is a pet peeve of mine, I detest Basic 
> HTTP-Authentication which is plaintext.

Note that Basic Auth + HTTPS provides reliable transport security.

> Hashing the password (or passphrase) in the client is the right way to 
> go, but currently JavaScript is needed to make that possible.

Do you know about HTTP digest authentication?
<http://en.wikipedia.org/wiki/Digest_access_authentication>

-- 
Nils Dagsson Moskopp // erlehmann
<http://dieweltistgarnichtso.net>

Received on Friday, 17 October 2014 15:09:56 UTC
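
Added example (not part of the original message, and not code from anyone in the thread): a Python sketch of what each scheme discussed above puts on the wire, using the sample credentials and nonce from RFC 2617 section 3.5. Basic sends a reversible base64 token, which is why it depends on HTTPS; Digest with qop=auth sends an MD5 response that the server checks against a stored HA1. The function names are illustrative.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username, password):
    # Basic: base64 is an encoding, not a hash or a cipher.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_basic_credentials(header):
    # Anyone who can read the header (no TLS, or a log that captured it)
    # gets the password back with a single decode.
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    # Client side of RFC 2617 Digest: the password only enters via HA1.
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1, method, uri, nonce, nc, cnonce, qop, response):
    # The server keeps HA1 instead of the password. HA1 is still
    # password-equivalent for this realm, so it needs the same protection.
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Sample values from RFC 2617 section 3.5.
    hdr = basic_header("Mufasa", "Circle Of Life")
    print(hdr, "->", recover_basic_credentials(hdr))
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))
```

Digest keeps the password itself off the wire, but it does not encrypt the request or the response, so it is not a replacement for HTTPS.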