1996-04-10 - Re: WWW User authentication

Header Data

From: Jeremey Barrett <jeremey@forequest.com>
To: “Brian C. Lane” <blane@aa.net>
Message Hash: d7fe1657bab329943a0e11f07e8597cb404bdca884004f2162559db195f094c9
Message ID: <Pine.BSI.3.91.960409181051.8349Q-100000@newton.forequest.com>
Reply To: <31676b78.52447450@mail.aa.net>
UTC Datetime: 1996-04-10 23:47:06 UTC
Raw Date: Thu, 11 Apr 1996 07:47:06 +0800

Raw message

From: Jeremey Barrett <jeremey@forequest.com>
Date: Thu, 11 Apr 1996 07:47:06 +0800
To: "Brian C. Lane" <blane@aa.net>
Subject: Re: WWW User authentication
In-Reply-To: <31676b78.52447450@mail.aa.net>
Message-ID: <Pine.BSI.3.91.960409181051.8349Q-100000@newton.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


Right now, the only solution I know of is to use cookies for browsers that
support them, and do all the MD5-ing yourself. That excludes some browsers,
but you can support those in the totally insecure manner.

On Tue, 9 Apr 1996, Brian C. Lane wrote:

> 
>   I just finished writing a cgi script to allow users to change their login
> passwords via a webpage. I currently have the webpage being authenticated
> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
> many browsers actually support it?
> 
>   When the user changes their password, the form sends their name, old
> password, and new password with it, in the clear. This is no worse than
> changing your password across a telnet connection, but I'd like it to be
> more secure, but useable by a large number of browsers.
> 
>   Any advice?
> 
>     Brian
> 
> ------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
>   Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
> ==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============
> 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output






Thread