
Re: Securing Web Apps.

by iburrell (Chaplain)
on Nov 13, 2003 at 00:05 UTC (#306683)

in reply to Securing Web Apps.

It does not help security that much in having JavaScript on the client calculate the hash. The SSL protects the username and password from going across the wire in the clear. The client JavaScript is fragile and browser dependent.

If you aren't using SSL and the challenge is not randomized for each client, then you are vulnerable to replay attacks. The attacker can send the sniffed token and log in like a normal user without having to know the password.
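The replay condition described in the reply above, as an added example that is not part of the original post: a server that hands every client the same challenge accepts a captured token again, while one that issues a fresh single-use challenge per login attempt rejects it. The HMAC-SHA256 response scheme, the `LoginServer` class, `clientResponse`, `replayOutcome` and the sample account are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample account; a real application would not keep the raw password.
const USERS = { alice: 'correct horse battery staple' };

// What the client-side script computes from the challenge it was sent (assumed scheme).
function clientResponse(password, challenge) {
  return crypto.createHmac('sha256', password).update(challenge).digest('hex');
}

class LoginServer {
  constructor({ randomize }) {
    this.randomize = randomize;
    this.pending = new Map(); // sessionId -> outstanding challenge
  }

  // Issue a challenge for one login attempt.
  issueChallenge(sessionId) {
    const challenge = this.randomize
      ? crypto.randomBytes(16).toString('hex') // fresh per client and per attempt
      : 'static-challenge';                    // weak setup: identical for everyone
    this.pending.set(sessionId, challenge);
    return challenge;
  }

  // Verify a response; the challenge is consumed so it cannot be used twice.
  verify(sessionId, user, response) {
    const challenge = this.pending.get(sessionId);
    this.pending.delete(sessionId);
    if (challenge === undefined || !(user in USERS)) return false;
    const expected = Buffer.from(clientResponse(USERS[user], challenge), 'hex');
    const got = Buffer.from(String(response), 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// One legitimate login, then the same captured token presented on a new session.
function replayOutcome(randomize) {
  const server = new LoginServer({ randomize });
  const challenge = server.issueChallenge('session-1');
  const token = clientResponse(USERS.alice, challenge); // visible on the wire without SSL
  const legit = server.verify('session-1', 'alice', token);
  server.issueChallenge('session-2'); // a different client starts its own login
  const replay = server.verify('session-2', 'alice', token);
  return { legit, replay };
}
```

`replayOutcome(false)` models the static challenge and `replayOutcome(true)` the randomized one; only the second refuses the reused token.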
