WWW User authentication
Brian C. Lane
blane at aa.net
Tue Apr 9 15:32:05 PDT 1996
I just finished writing a cgi script to allow users to change their login
passwords via a webpage. I currently have the webpage being authenticated
with the basic option (uuencoded plaintext). MD5 would be nicer, but how
many browsers actually support it?
When the user changes their password, the form sends their name, old
password, and new password with it, in the clear. This is no worse than
changing your password across a telnet connection, but I'd like it to be
more secure, but useable by a large number of browsers.
Any advice?
Brian
------- <blane at aa.net> -------------------- <http://www.aa.net/~blane> -------
Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
============== 11 99 3D DB 63 4D 0B 22 15 DC 5A 12 71 DE EE 36 ============
More information about the cypherpunks-legacy
mailing list