PerlMonks
Re^2: Cookie login (pseudocode)
by Anonymous Monk on Feb 21, 2008 at 00:08 UTC ( [id://669140]=note )
Re: storing passwords in cleartext

In the past, I've used JavaScript to hash the password client-side and compare it to the hashed passwords stored in the database. The hashed password is still sent in the clear (and someone eavesdropping can still use it to log in), but no cleartext passwords are revealed to the eavesdropper or someone who has gained entry to the db. While it doesn't do much for the security of your application, it will prevent an attacker from trying a password on another system (e.g. to access your e-mail or banking information).
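The scheme described in the post above, as an added example that is not part of the original post. This Node.js sketch compares storing the client-side hash as-is with re-hashing it on the server, and goes one step beyond the post by checking which stored values the server would accept as a login credential. SHA-256, scrypt, the function names and the in-memory Map standing in for the database are all assumptions.

```javascript
const crypto = require('node:crypto');

// What the browser-side script computes before submitting the form.
// Assumption: SHA-256; the post does not name the hash function.
function clientHash(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

function safeEqual(a, b) {
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Scheme as described: the database row holds the same value the client sends.
function registerDirect(db, user, password) {
  db.set(user, clientHash(password));
}
function loginDirect(db, user, submitted) {
  const stored = db.get(user);
  return stored !== undefined &&
    safeEqual(Buffer.from(stored), Buffer.from(String(submitted)));
}

// Variant: treat the submitted hash as the password and store only a
// per-user salted scrypt verifier of it.
function registerRehashed(db, user, password) {
  const salt = crypto.randomBytes(16);
  db.set(user, { salt, verifier: crypto.scryptSync(clientHash(password), salt, 32) });
}
function loginRehashed(db, user, submitted) {
  const rec = db.get(user);
  if (!rec) return false;
  return safeEqual(crypto.scryptSync(String(submitted), rec.salt, 32), rec.verifier);
}

function demo() {
  const password = 'correct horse battery staple'; // constructed sample value
  const direct = new Map(), rehashed = new Map();
  registerDirect(direct, 'alice', password);
  registerRehashed(rehashed, 'alice', password);
  const onWire = clientHash(password); // what an eavesdropper without TLS would see
  return {
    cleartextOnWire: onWire.includes(password),
    wireValueAcceptedDirect: loginDirect(direct, 'alice', onWire),
    wireValueAcceptedRehashed: loginRehashed(rehashed, 'alice', onWire),
    dbValueAcceptedDirect: loginDirect(direct, 'alice', direct.get('alice')),
    dbValueAcceptedRehashed: loginRehashed(rehashed, 'alice',
      rehashed.get('alice').verifier.toString('hex')),
  };
}
```

In both variants the value on the wire is accepted, so the transport still needs TLS; only the re-hashed variant keeps a copied database row from working as a login credential.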