8 Feb 2001, 7:17 p.m.
Even using Cookie mode authentication with the LoginManager product, the user/password data is merely base64 encoded (not encrypted).
Someday I'd like to get a challenge/response authentication going, where the server sends a one-time challenge value and the client/browser uses MD5 (via JavaScript) to hash the user's password combined with that one-time code. This works great in PHPlib. But I don't understand the architecture of LoginManager well enough yet to hack it.
Better yet, wider client support for HTTP Digest authentication (a standards-based equivalent to the above).

Brian Lloyd
brian@digicool.com
Software Engineer
540.371.6909
Digital Creations
http://www.digicool.com
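
An added example, not part of the original post and not LoginManager or PHPlib code: it contrasts a base64 "user:password" cookie with the one-time challenge/response exchange described above. All names and the sample account are hypothetical, the cookie layout is assumed, and HMAC-SHA-256 is substituted for the bare MD5(password + challenge) hash the post mentions.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample data (hypothetical account, not from the post).
# Note: this scheme needs the server to hold the password or an equivalent secret.
USERS = {"alice": "correct horse"}
_outstanding = set()  # challenges issued by the server and not yet consumed


def encode_cookie(user, password):
    """Assumed cookie layout: base64 of 'user:password'."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_cookie(value):
    """Base64 is an encoding: anyone who sees the cookie recovers the password."""
    user, _, password = base64.b64decode(value).decode().partition(":")
    return user, password


def issue_challenge():
    """Server side: generate an unpredictable one-time challenge and remember it."""
    challenge = secrets.token_hex(16)
    _outstanding.add(challenge)
    return challenge


def client_response(password, challenge):
    """Client side: keyed hash of the challenge; the password never goes on the wire."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.sha256).hexdigest()


def verify(user, challenge, response):
    """Server side: consume the challenge, then compare in constant time."""
    if challenge not in _outstanding:
        return False  # unknown or already used challenge: replay rejected
    _outstanding.discard(challenge)  # single use, even when the check fails
    password = USERS.get(user)
    if password is None:
        return False
    return hmac.compare_digest(client_response(password, challenge), response)
```

A captured response is useless for a later login because each challenge is accepted once; the exchange still needs TLS or similar to protect the rest of the session.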