One of the things that has always bugged me about creating login forms for web-based applications is that the password is passed in clear text when the user logs in. Even if you then set a session cookie of some sort for future access, the password has still been transmitted unencrypted at least once.
The obvious way around this is to use
A modified version of the system is used by Yahoo’s Login Page, so it is certainly feasible for deployment in a commercial environment. Obviously an HTTPS-encrypted session is far more secure, but for non-ecommerce web applications this technique is a no-brainer.