 |
 |
 |
 |
|
|
Date: 03/31/00
- Next message: lennart benoot: "Re: [PHPLIB] Session Hijacking"
- Previous message: Max A. Derkachev: "Re: [PHPLIB] Question about basic PHPlib logic."
- Next in thread: Kristian Koehntopp: "Re: [PHPLIB] using md5-related stuff in PHPLIB"
- Reply: Kristian Koehntopp: "Re: [PHPLIB] using md5-related stuff in PHPLIB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all.
I wonder if there are any sense in using md5-related stuff in
authentication in PHPLIB? Even if one uses Challenge-Auth and
passwords transmitted in the md5 hashes over the network, there is no
defense from a sniffer, since the things are transmitted over
non-encrypted connection. One can grab that hashes as well as cleartext
passwords, and then submit it to the site as passwords, so there would
be no benefits from using that md5 stuff in the authentication process. Only SSL
could prevent password grabbing. So why use the md5? Or where am I
wrong?
-- Best regards, Max A. Derkachev- PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>. To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in the body, not the subject, of your message.
- Next message: lennart benoot: "Re: [PHPLIB] Session Hijacking"
- Previous message: Max A. Derkachev: "Re: [PHPLIB] Question about basic PHPlib logic."
- Next in thread: Kristian Koehntopp: "Re: [PHPLIB] using md5-related stuff in PHPLIB"
- Reply: Kristian Koehntopp: "Re: [PHPLIB] using md5-related stuff in PHPLIB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]