| View previous topic :: View next topic |
| Author |
Message |
Ikopar
Enthusiastic Coder
Joined: 26 May 2006
Posts: 168
|
Yeah, that would be a little harder to crack, but someone could...yeah, exactly
Reply with quote
|
| |
|
|
Roombor
Enthusiastic Coder
Joined: 02 Jun 2006
Posts: 111
|
Would they really go to such lengths to hack some account to your site
Reply with quote
|
| |
|
|
Ikopar
Enthusiastic Coder
Joined: 26 May 2006
Posts: 168
|
No, probably not
Submitting the password when logging in is probably a more pressing matter, no?
So that should be the first security measure i should take
Reply with quote
|
| |
|
|
Roombor
Enthusiastic Coder
Joined: 02 Jun 2006
Posts: 111
| |
Ikopar
Enthusiastic Coder
Joined: 26 May 2006
Posts: 168
|
Is that the same as SSL? i think they wanted me to pay an extra 150 a year or something ridiculous like that
Reply with quote
|
| |
|
|
Roombor
Enthusiastic Coder
Joined: 02 Jun 2006
Posts: 111
|
Oh :)
It's http with ssl encryption
Maybe they ask that much because they have validated ssl certificates or something
Validated = signed
Reply with quote
|
| |
|
|
Ikopar
Enthusiastic Coder
Joined: 26 May 2006
Posts: 168
|
Bah, i figure i could probably do the same thing myself right? with some javascript perhaps
Encode the password client side
Reply with quote
|
| |
|
|
Roombor
Enthusiastic Coder
Joined: 02 Jun 2006
Posts: 111
|
That wont really help
They could still sniff the hash and send that directly to your server
Reply with quote
|
| |
|
|
Ikopar
Enthusiastic Coder
Joined: 26 May 2006
Posts: 168
|
Damn it
Wait, what if there's a random key stored in a javascript variable
That dictates how it's encoded
And...oh, but it'd have to send the key too
Reply with quote
|
| |
|
|
Roombor
Enthusiastic Coder
Joined: 02 Jun 2006
Posts: 111
| |
|
FAQ
Archive
Log in
Register
