Hi Albert,
following up on Marco's suggestion to use Digest Authentication, if the server side supports such, Chilkat's HTTP control has it built-in. Very easy to implement:
https://www.example-code.com/foxpro/http_authentication.aspHank
>Hi Marco,
>
>did you mean it is just "as insecure"? below?
>
>As far a changing code, I can do whatever on the client side. On the server side, I don't know what the programmer on that system can do yet - we have talked about encrypting the documents (using AES) but have not yet talked about the problem with the credentials.
>
>Albert
>
>>Hi Albert, passing an encrypted password is as secure as passing the password itself, since
>> nothing prevents a hacker to use the encrypted password to gain access to your server.
>>
>>You better implement some type of digest authentication, this way you don't store nor
>>send passwords, but hashed strings wich change on every request.
>>
>>( but you don't specify if you can change both server and client code. )