I'm sorry if this has been answered before, but I had a look and
couldn't find it.
Is it normal that in the registration/login/changepassword process,
the password is transmitted in clear text(POST Variable)?
My main worry, is that any scriptkiddy can fire up a sniffing program
and capture the password.
For the moment I've put the site under SSL, but this is far from
optimal.
Is there a feature/component/"hack" that will encrypt the password
during these processes?
Thanks in advance,
David
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment