Re: EuForum, where is password setting?

Robert Craig wrote:
> 
> Greg Haberek wrote:
> > > I encrypt the passwords before storing them in the database,
> > > but it would be easy for me to look at any text that you
> > > type into any HTML form on our site.
> > 
> > You could implement a JavaScript MD5 algorithm to hash the password
> > before it ever leaves the user's browser. Yahoo! uses this method
> > with their log in, and the javascript is right in the source of their
> > login page.
> > 
> > Just view the source of this page to get the javascript source:
> > http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com
> > 
> > Then have your form hash the password before sending it via POST. This
> > has got to be more secure than what you're doing now.
> 
> OK, thanks.
> That code might become useful if I need a higher level of security
> in the future. At the moment, the passwords are barely
> worth it. They just provide some partial protection against
> someone posting an embarrassing message, or user contribution,
> pretending to be you. If money were involved, I guess I'd 
> have to be more serious about it.

So if "passwords are barely worth it" and there is no money involved, why is
it that we can't set our own password? Your earlier argument has just been destroyed
by your latest argument. It sounds like RDS just can't be bothered doing it for
their customers. I know that's not so, of course, but that's how it comes across.

-- 
Derek Parnell
Melbourne, Australia
irc://irc.sorcery.net:9000/euphoria
