Suppose you don't want your passwords transmitted in the clear after SSL is
terminated by a proxy.
Has anyone developed a secure way for the client to prove they have the
password, rather than transmitting it in the body of a post?
Show replies by date