passwords to CGI
and-google at doxdesk.com
Wed Jan 15 16:52:36 CET 2003
Will Stuyvesant <hwlgw at hotmail.com> wrote:
> Is there a way to encrypt a password before it is sent?
A. Use SSL.
B. Use HTTP Digest Authentication.
C. Use client-side scripting to hash the password.
(A) is good, but implies the hassle of getting certificates, and
an HTTPS server if you are not already using one.
(B) is great, but is not well-supported by user agents. (read:
no-go on Internet Explorer)
I usually end up (on non-SSL sites) using a hybrid authentication
scheme where a script on the page generates an MD5 hash of the
password entered and puts it in a cookie. If the authentication-
required page(s) don't see a valid login cookie they fall back to
using HTTP Basic Authentication.
this if it might help.
mailto:and at doxdesk.com
More information about the Python-list