>
> Hi everyone!
>
> I'm sorry if this has been answered before, but I had a look and
> couldn't find it.
>
> Is it normal that in the registration/login/changepassword process,
> the password is transmitted in clear text(POST Variable)?
>
> My main worry, is that any scriptkiddy can fire up a sniffing program
> and capture the password.
> For the moment I've put the site under SSL, but this is far from
> optimal.
>
> Is there a feature/component/"hack" that will encrypt the password
> during these processes?
Yes, use SSL.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment