Re: EuForum, where is password setting?

new topic     » goto parent     » topic index » view thread      » older message » newer message 

> I encrypt the passwords before storing them in the database,
> but it would be easy for me to look at any text that you
> type into any HTML form on our site.

You could implement a Javscript MD5 algorithm to hash the password
before it ever leaves the user's broswers. Yahoo! uses this method
with their log in, and the javascript is right in the source of their
login page.

Just view the source of this page to get the javascript source:
http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com

Then have your form hash the password before sending it via POST. This
has got to be more secure than what you're doing now.

~Greg

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu