1996-04-09 - WWW User authentication

Header Data

From: blane@aa.net (Brian C. Lane)
To: cypherpunks@toad.com
Message Hash: 3223fb62697a307bb6860af78d2cb18ba3cb339c21273dbdfc282527b2609dc9
Message ID: <31676b78.52447450@mail.aa.net>
Reply To: N/A
UTC Datetime: 1996-04-09 22:32:05 UTC
Raw Date: Wed, 10 Apr 1996 06:32:05 +0800

Raw message

From: blane@aa.net (Brian C. Lane)
Date: Wed, 10 Apr 1996 06:32:05 +0800
To: cypherpunks@toad.com
Subject: WWW User authentication
Message-ID: <31676b78.52447450@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



  I just finished writing a cgi script to allow users to change their login
passwords via a webpage. I currently have the webpage being authenticated
with the basic option (uuencoded plaintext). MD5 would be nicer, but how
many browsers actually support it?

  When the user changes their password, the form sends their name, old
password, and new password with it, in the clear. This is no worse than
changing your password across a telnet connection, but I'd like it to be
more secure, but useable by a large number of browsers.

  Any advice?

    Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============





Thread