Q: Discussing tutorial about secure login.

Post by jmut »

Hi,
Not sure if there is a dedicated board or something to comment on tutorials, but here it goes.

I just read this tutorial
viewtopic.php?t=38810

Really nice work.

My question is: is all this required if using an HTTPS connection? As far as I see, this prevents sending passwords in clear form so nobody sniffing the traffic can just steal them. I guess this will be necessary as another layer on top of HTTPS, just to be on the safe side, if someone cracks HTTPS (for whatever reason) and is able to listen in on traffic. Is that correct?

Post by Maugrim_The_Reaper »

Thanks! :)

The primary focus of C/R in my experience is where an HTTPS connection is not available. With SSL this approach is largely defunct, assuming the connection encryption remains secure. There's nothing wrong with using this in addition, since it doesn't have any impact on whether HTTPS is used or not, but it's likely not required. One could possibly label it defence in depth if used across HTTPS - just in case ;).