Not sure if this is the right forum, but as it concerns JS, here goes :

Can we use the MD5/SHA1 encryption algorithm as provided by <http://pajhome.org.uk/crypt/md5/index.html> for client-side hashing/encryption of the password for the default login (in cases where SSL is absent)? If yes, please let me know which files need to be changed for this to happen (This might sound stupid, but I need to know where to insert the code).

Sorry, I'm not familiar with the DNN Client API, but can this API provide any alternative means of doing the same thing?

Thanks, Jon for your response. So lets say, I have a JS function to do this kind of thing. Where do I have to insert the code. Will it be somewhere in login.ascx? And will I also then need to change or insert any server-side code for this to work?

Hi Brandon,

Yes I presume token-based challenge/response system on the server side would also be necessary using a custom authentication method based off of DNN's default as you said, although that's a difficult job for me to do unless I get further help from these forums. I was just trying to say "Hey, what if I do not have SSL"?

Would it be safe then to conclude that SSL is mandatory for secure transmissions if we are to use DNN?

Do all DNN sites run on SSL? If the answer is No then would it be safe to say that all these sites are vulnerable to sniffing (the clear text password)?