Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 16:28 UTC (Tue) by zlynx (subscriber, #2285)
In reply to: Wordpress Cookie Authentication Vulnerability by drag
Parent article: Wordpress Cookie Authentication Vulnerability

What they need to do is either use SSL client certificates, which would be a great idea since they do exactly what is desired (authenticate the client), or use JavaScript. Have the server provide a random value, then in JavaScript MD5 or otherwise hash the password or password MD5 + random value and return the result to the server. In either case, the secret is never sent over the network.
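The challenge-response exchange described in the comment above, shown with both sides as an added example (not part of the original comment or of WordPress). It assumes SHA-256 as the "otherwise hash" choice in place of MD5; the function names and the sample user are constructed for illustration.

```javascript
// Added example: challenge-response login with a server-issued random value.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Server-side state (constructed sample data). The server keeps hash(password),
// not the password; the response is derived from this stored value.
const users = new Map([['alice', sha256('correct horse battery staple')]]);
const pending = new Map(); // username -> outstanding nonce (single use)

// Step 1 (server): issue a fresh random value for this login attempt.
function issueChallenge(username) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(username, nonce);
  return nonce;
}

// Step 2 (client): hash(hash(password) + nonce); the password is never sent.
function clientResponse(password, nonce) {
  return sha256(sha256(password) + nonce);
}

// Step 3 (server): recompute and compare in constant time. The nonce is consumed
// whether or not the check succeeds, so a captured response cannot be replayed.
function verifyResponse(username, response) {
  const nonce = pending.get(username);
  pending.delete(username);
  const verifier = users.get(username);
  if (!nonce || !verifier || typeof response !== 'string') return false;
  const expected = Buffer.from(sha256(verifier + nonce), 'hex');
  const got = Buffer.from(response, 'hex');
  return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
}

// One good login, one wrong password, and a replay of the captured response.
function demo() {
  const n1 = issueChallenge('alice');
  const r1 = clientResponse('correct horse battery staple', n1);
  const ok = verifyResponse('alice', r1);
  const n2 = issueChallenge('alice');
  const wrong = verifyResponse('alice', clientResponse('guess', n2));
  issueChallenge('alice');                    // new attempt, new nonce
  const replay = verifyResponse('alice', r1); // old response against new nonce
  return { ok, wrong, replay };
}

console.log(demo());
```
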
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.