Possible Duplicate:
Client side password hashing
How one design support for digest authentication in client side. HTML form probably won't help. Does one need javascript and set the header explicitly or any better way.
Asked
Active
Viewed 569 times
1 Answers
2
You don't because its an OWASP Violation. You have to use HTTPS, for logging in AND the lifetime of the session.
Alex Gittemeier
- 103
- 3
rook
- 46,916
- 10
- 92
- 181
-
Thank you for that resource. I am surprised it is considered the duplicate of the mentioned qn as that was related to why client side hashing. anyway, doesn't matter, this was my first qn :-(. While reading about security, I had the impression that Digest based auth is in lieu of basic-http auth. Anyway thanks for the link. – bsr Nov 03 '12 at 12:33