in reply to Re: PerlMonks Certificate Expired
in thread PerlMonks Certificate Expired

This node falls below the community's threshold of quality. You may see it by logging in.

Replies are listed 'Best First'.
Re^3: PerlMonks Certificate Expired
by derby (Abbot) on Sep 18, 2023 at 10:58 UTC

    That is really no different than sending your creds in plaintext. If all the server needs is the hashed creds than it's just as easy to intercept the hashed creds and replay them as it is to intercept the creds and replay them.

    -derby
[reply]
Re^3: PerlMonks Certificate Expired
by marto (Cardinal) on Sep 18, 2023 at 10:48 UTC

    Some people browse with JavaScript disabled, for safety and security. Without a secure context there's zero trust between the client and the endpoint. Web Crypto requires secure context. Your suggestion solves no problems.

[reply]

In Section Perl Monks Discussion