SV: CGI question: safe passwords possible?
Carsten Gehling
carsten at gehling.dk
Sun Jun 1 05:11:53 EDT 2003
> Fra: python-list-admin at python.org
> [mailto:python-list-admin at python.org]Pa vegne af Gerhard Haring
> Sendt: 31. maj 2003 12:26
> That's why I recommended to use digest authentication.
>
> See http://httpd.apache.org/docs/mod/mod_auth_digest.html
>
> It implements a similar algorithm that your proposed JavaScript gimmick
> did. Only that it works with all modern browsers, JavaScript enabled or
> not and that it's a standard.
>From http://httpd.apache.org/docs/mod/mod_auth_digest.html :
"Note: MD5 authentication provides a more secure password system than Basic
authentication, but only works with supporting browsers. As of this writing
(October 2001), the only major browsers which support digest authentication
are Opera 4.0, MS Internet Explorer 5.0 and Amaya. Therefore, we do not yet
recommend using this feature on a large Internet site. However, for personal
and intra-net use, where browser users can be controlled, it is ideal."
- Carsten
More information about the Python-list
mailing list