20th April 2003
One of the things that has always bugged me about creating login forms for web based applications is that the password is passed in clear text when the user logs in. Even if you then set a session cookie of some sort for future access the password has stilled been transmitted unencrypted at least once.
The obvious way around this is to use
A modified version of the system is used by Yahoo’s Login Page, so it is certainly feasible for deployment in a commercial environment. Obviously an
https encrypted session is far more secure, but for non-ecommerce web applications this technique is a no-brainer.
More recent articles
- Weeknotes: Getting ready for NICAR - 27th February 2024
- The killer app of Gemini Pro 1.5 is video - 21st February 2024
- Weeknotes: a Datasette release, an LLM release and a bunch of new plugins - 9th February 2024
- LLM 0.13: The annotated release notes - 26th January 2024
- Weeknotes: datasette-test, datasette-build, PSF board retreat - 21st January 2024
- Talking about Open Source LLMs on Oxide and Friends - 17th January 2024
- Publish Python packages to PyPI with a python-lib cookiecutter template and GitHub Actions - 16th January 2024
- What I should have said about the term Artificial Intelligence - 9th January 2024
- Weeknotes: Page caching and custom templates for Datasette Cloud - 7th January 2024