- From: David Woolley <david@djwhome.demon.co.uk>
- Date: Sat, 16 Nov 2002 12:36:53 +0000 (GMT)
- To: www-html@w3.org

> isn't secure, he or she could try a dictionary or brute-force attack, but
> it is more secure, and I think that's a good thing.

You don't need a dictionary attack. You have a plain text equivalent
which you can inject into an HTTP request without knowing the actual
password.

> Another idea, maybe make something like a "checksum" value in the type
> attribute in the <INPUT> tag, which takes a checksum of all data?

This is definitely outside the scope of HTML. It's also already in MIME,
upon which HTTP is based, although Content-MD5 is not in the HTTP specs
that I've actually seen.

Received on Saturday, 16 November 2002 07:37:01 UTC
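
The point made in the reply above, that a value sent in place of the password is itself a plain text equivalent, shown as an added example (not part of the original message). The two schemes, the SHA-256/HMAC choice and every name below are assumptions for illustration; the thread does not spell out the quoted proposal's exact scheme.

```python
import hashlib
import hmac
import secrets

# Constructed sample account (assumption, for illustration only).
PASSWORD = "correct horse battery staple"
STORED_HASH = hashlib.sha256(PASSWORD.encode()).hexdigest()  # what the server keeps


def static_hash_login(submitted_hash: str) -> bool:
    """Scheme A: the browser hashes the password and submits the hash as-is."""
    return hmac.compare_digest(submitted_hash, STORED_HASH)


class ChallengeServer:
    """Scheme B: the server issues a one-time nonce and expects
    HMAC(key=hash(password), msg=nonce) in return."""

    def __init__(self) -> None:
        self._outstanding = set()

    def new_challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def login(self, nonce: str, response: str) -> bool:
        if nonce not in self._outstanding:
            return False  # unknown or already-consumed nonce
        self._outstanding.discard(nonce)
        expected = hmac.new(STORED_HASH.encode(), nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(response, expected)


def client_response(password: str, nonce: str) -> str:
    """What a legitimate client computes for scheme B."""
    key = hashlib.sha256(password.encode()).hexdigest()
    return hmac.new(key.encode(), nonce.encode(), hashlib.sha256).hexdigest()


def demo() -> dict:
    wire_value = hashlib.sha256(PASSWORD.encode()).hexdigest()  # seen on the wire in scheme A
    server = ChallengeServer()
    n1 = server.new_challenge()
    r1 = client_response(PASSWORD, n1)
    first = server.login(n1, r1)
    n2 = server.new_challenge()
    return {
        "static_value_accepted_again": static_hash_login(wire_value),  # password never needed
        "fresh_response_accepted": first,
        "old_response_same_nonce": server.login(n1, r1),
        "old_response_new_nonce": server.login(n2, r1),
    }
```

In scheme B the stored hash is still a secret the server has to protect; only the value crossing the wire stops being reusable.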