New Message: Re: password challenge in manila
webmaster at userland.com
webmaster at userland.com
Tue Oct 16 10:41:41 PDT 2001
A new message was posted:
Address: http://frontier.userland.com/discuss/msgReader$8954
By: David Carter-Tod (wccartd at wc.cc.va.us)
/MainResponder supports digest autenticated access via MD5 - it's used for Frontier Control Panel access depending on the setting of config.mainresponder.prefs.securityLevel (0 is basic, 3 is digest). The encoding verb is here. I requested this for Manila site logins on my list o' love./
Right, but I'm saying encode it *before* sending it across the network.
*Now:*
* Password sent across the network as clear text
* MD5-encoded by Frontier
* compared to the stored, MD5-encoded value.
* Cookie returned with encoded value
*I'm suggesting:*
* MD5 encode via Javascript
* send across the network
* compare to stored, MD5-encoded value.
* cookie returned with encoded value.
Actually, the blackboard page I referred to above, also sends a unique token to the client, which is used to encode the password on the client.
David
This is a Manila site.. http://manila.userland.com/.
More information about the Frontier-Server
mailing list