o Add some JavaScript based user-interface experience improvement
by rendering a open/close black/red/green lock at the right side of
the password login field to on-the-fly indicate to the user whether
the password field content is (already or still not) secure for
transmission.
o Add support for secure password transaction via plain HTTP by
calculating the SHA-1 digest "sha1(pw)" of the password "pw" on the
client-side with JavaScript and sending "SHA1:"+sha1(pw) instead of
"pw" to the server via HTTP.
The JavaScript code is based on jQuery and a subset of RSE's forthcoming
jscrypto library. |