Neil Schemenauer wrote:
> Seen on Simon Willison's weblog:
>
> http://pajhome.org.uk/crypt/md5/index.html
>
> Combine it with "form tokens" and you have a nice auth method (for
> situations where SSL is not an option).
>
> Neil

Thanks, Neil -- that's a useful tool.

Just to add to Willison's "hundred limitations he hasn't thought of"
;-), anyone interested in the scheme might recall RFC 2069 ("An
Extension to HTTP : Digest Access Authentication") which proposed the
same approach but incorporated into the HTTP protocol. The limitations
and security issues described in the RFC would apply to Willison's
scheme as well.

-- Graham