[phplib] question about functionality of phplib From: aellist (aellist <email protected>)
Date: 01/29/01

I believe (from all of the reading around the web I've tried to do) that
phplib handles secure authentication - but I want to check with you
knowledgeable folk before assuming so.

Essentially, I have a situation where users log in using a basic HTML form,
supplying a username and password. This is then checked against an encrypted
password which is stored in a database. Everything _within_ the site is
secure, and has been set up to work well with sessions in PHP 4.

The problem is that the usernames and passwords are passed in plain text
between the browser and the server, which defeats the purpose of server-side
security for my purposes (for which security is crucial).

I can set up the site with SSL - but this won't always apply, for various
reasons (and I want to just improve my understanding of PHP in general).

So, assuming SSL cannot be used, what are the various ways to pass encrypted
data from the browser to the server? Is this the sort of thing that phplib
is designed for? (I thought so, but I have become unsure of this
assumption.) And how well does phplib integrate with PHP 4?

Thanks,
Andrew Elliston

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>