Hi,
Not sure if there is a dedicated board or something to comment on tutorials... but here it goes.
I just read this tutorial
viewtopic.php?t=38810
really nice work.
My question is... is this all required if using an https connection? As far as I see, this prevents sending passwords in clear form so nobody sniffing the traffic can just steal them. I guess this will be necessary as another layer on top of https... just to be on the safe side... if someone cracks https (for whatever reason) and is able to listen on traffic. Is that correct?
Q: discussing tutorial about secure login.
- Maugrim_The_Reaper
Thanks! 
The primary focus of C/R in my experience is where an HTTPS connection is not available. With SSL this approach is largely defunct, assuming the connection encryption remains secure. There's nothing wrong with using this in addition, since it doesn't have any impact on whether HTTPS is used or not, but it's likely not required. One could possibly label it defence in depth if used across HTTPS - just in case.