Hi Marco,

did you mean it is just "as insecure"? below?

As far a changing code, I can do whatever on the client side. On the server side, I don't know what the programmer on that system can do yet - we have talked about encrypting the documents (using AES) but have not yet talked about the problem with the credentials.

Albert

>Hi Albert, passing an encrypted password is as secure as passing the password itself, since
> nothing prevents a hacker to use the encrypted password to gain access to your server.
>
>You better implement some type of digest authentication, this way you don't store nor
>send passwords, but hashed strings wich change on every request.
>
>( but you don't specify if you can change both server and client code. )