
On Tue, 9 Apr 1996 16:12:17 -0600, you wrote:
> > I just finished writing a cgi script to allow users to change their login passwords via a webpage. I currently have the webpage being authenticated with the basic option (uuencoded plaintext). MD5 would be nicer, but how many browsers actually support it?
>
> A straight MD5 probably isn't supported by any of them, but then again MD5 is not necessarily going to help too much. The sort of people that need a web page to change their password aren't likely to use overly complex passwords (mixed-case, scrambled-in numbers, et al.) So if a snoop can get the MD5, her chances of getting a password aren't all that bad.

Hey! I'm not a total dunce! <G> The cgi I wrote (ok, ok, hacked) includes cracklib support. It won't let people enter simple passwords.

> Your best bet is to try to implement it via SSL, but as I understand it that limits you on your server options quite a bit. Netscape and Apache have it, as I understand; I think that's about it actually. But that's far from my areas of expertise.

Yep, that's about it. And they want you to pay for using it in a commercial venture (which my system will be eventually), and I can't justify (or afford) the expense.

Brian
------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
============== 11 99 3D DB 63 4D 0B 22 15 DC 5A 12 71 DE EE 36 ============