CGI question: safe passwords possible?
Gerhard Häring
gh at ghaering.de
Sat May 31 06:26:12 EDT 2003
Ian Bicking wrote:
> On Sat, 2003-05-31 at 03:01, Erik Max Francis wrote:
> [Apache authentication]
> Basic authentication, it should be noted, sends password in cleartext
> (or close enough).
That's why I recommended to use digest authentication.
See http://httpd.apache.org/docs/mod/mod_auth_digest.html
It implements a similar algorithm that your proposed JavaScript gimmick
did. Only that it works with all modern browsers, JavaScript enabled or
not and that it's a standard.
-- Gerhard
More information about the Python-list
mailing list