Transmitting secure data from pdf@bizfon.com on 2001-02-22 (www-html@w3.org from February 2001)

From: <pdf@bizfon.com>
Date: Thu, 22 Feb 2001 18:35:12 -0500
To: www-html@w3.org
Message-ID: <852569FB.00819115.00@Enterprise>

If I wanted to create an application that required a user to log in with a
username and a password, using a password field on the page is not all that
secure.  As written in the HTML specs:
Note. Application designers should note that this mechanism affords only light
security protection. Although the password is masked by user agents from casual
observers, it is transmitted to the server in clear text, and may be read by
anyone with low-level access to the network.

Are there any features of HTML that will allow me to transmit sensitive data
from the client to the server in a more secure way?  Does SSL solve this
problem?

Thanks,
Pete

Received on Thursday, 22 February 2001 18:34:29 UTC