Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Re: CGI Password

by tinman (Curate)
on Mar 28, 2001 at 12:39 UTC ( #67778=note: print w/replies, xml ) Need Help??

in reply to CGI Password

I'm definitely no security expert myself.. but a suggestion in addition to using crypt might be..

to use SSL to encrypt the pasword transfer from browser to webserver.. although not essential for a home/family setup, I can't imagine most business related sites not offering that option..HTTP sends everything in plain text, so anyone with a sniffer can simply lift your password off the wire, as it were....

this is one of the places to start, if you want to see a real implementation, a bit dated, but still holds true for lots of sites, I think.. also read "A guide to web authentication alternatives", given in the references section...

Replies are listed 'Best First'.
Re^2: CGI Password
by worik (Sexton) on Jul 10, 2015 at 00:56 UTC

      A quick perusal of the wayback machine shows the new home of A Guide to Web Authentication Alternatives by Jan Wolter. Do please note the dates - this document was written in 1997 and last revised in 2003. While it does give a useful grounding in some of the technologies, don't expect it to reflect the state of the art.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://67778]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (3)
As of 2021-09-18 20:14 GMT
Find Nodes?
    Voting Booth?

    No recent polls found