On Sat, Jun 26, 2010 at 10:02 AM, Javier Bassi <javierbassi@xxxxxxxxx> wrote:
> If I'm not wrong, some forums like vBulletin when you login, they send
> the password in md5 (using javascript). That's better than sending it
> in plain/text.
How so? In either case you have an observable value which can be
submitted to the web server to gain access.
Obfuscation != security.
Either use SSL or a challenge/response authentication system of some
sort. There really isn't a substitute beyond this.
Best Wishes,
Chris Travers
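
The difference between the two schemes discussed above, as an added example that is not part of the original message: a fixed client-side MD5 is accepted again when a recorded copy is resubmitted, while a nonce-based challenge/response rejects the recorded answer. The names `static_login`, `ChallengeServer` and `client_response`, the sample password, and the use of HMAC-SHA256 over a single-use nonce are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse"  # constructed sample credential
STORED = hashlib.md5(PASSWORD.encode()).hexdigest()  # what the server keeps

def static_login(submitted_hash: str) -> bool:
    """Quoted scheme: the client sends md5(password), the server compares it."""
    return hmac.compare_digest(submitted_hash, STORED)

class ChallengeServer:
    """Issues single-use nonces and checks HMAC(stored_hash, nonce)."""
    def __init__(self, stored_hash: str):
        self.key = stored_hash.encode()
        self.pending = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: str, response: str) -> bool:
        if nonce not in self.pending:  # unknown or already consumed
            return False
        self.pending.discard(nonce)    # each nonce is valid exactly once
        expected = hmac.new(self.key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(response, expected)

def client_response(password: str, nonce: str) -> str:
    """Client derives the same key and answers the server's nonce."""
    key = hashlib.md5(password.encode()).hexdigest().encode()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def demo() -> dict:
    # Static scheme: the value seen on the wire is itself the credential.
    on_wire = hashlib.md5(PASSWORD.encode()).hexdigest()
    static_replay = static_login(on_wire)

    server = ChallengeServer(STORED)
    n1 = server.challenge()
    r1 = client_response(PASSWORD, n1)
    legit = server.verify(n1, r1)
    same_nonce_replay = server.verify(n1, r1)  # nonce already consumed
    n2 = server.challenge()
    new_nonce_replay = server.verify(n2, r1)   # answer bound to old nonce
    return {"static_replay": static_replay, "legit": legit,
            "same_nonce_replay": same_nonce_replay,
            "new_nonce_replay": new_nonce_replay}
```

The stored hash is still a password-equivalent secret on the server side, and this exchange only addresses replay of a captured login value; it does not protect the rest of the session the way SSL does.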