Re^2: Cookie login (pseudocode)

by Anonymous Monk
on Feb 21, 2008 at 00:08 UTC


in reply to Re: Cookie login (pseudocode)
in thread Cookie login (pseudocode)

Re: storing passwords in cleartext

In the past, I've used JavaScript to hash the password client-side, and compare it to the hashed passwords stored in the database.

The hashed password is still sent in the clear (and someone eavesdropping can still use it to log in), but no cleartext passwords are revealed to the eavesdropper or someone who has gained entry to the db.

While it doesn't do much for the security of your application, it will prevent an attacker from trying a password on another system (e.g. to access your e-mail or banking information).
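Added example, not part of the post above or of any PerlMonks code: a Node.js sketch of the scheme the post describes, next to a server-side variant that stores only a salted scrypt digest of the client-sent hash, so the stored value no longer works as a login credential. The function names, the in-memory `db` object, the choice of SHA-256 and scrypt, and the sample account are all assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// What the browser-side script computes and sends instead of the password.
function clientHash(password) {
  return nodeCrypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// Scheme from the post: the database stores exactly what the client sends.
function naiveRegister(db, user, password) {
  db[user] = clientHash(password);
}
function naiveLogin(db, user, sentValue) {
  return db[user] !== undefined && db[user] === sentValue;
}

// Hardened server side (assumed design): treat the client-sent hash as the
// password and keep only a per-user salt plus a scrypt digest of it.
function hardenedRegister(db, user, password) {
  const salt = nodeCrypto.randomBytes(16);
  const digest = nodeCrypto.scryptSync(clientHash(password), salt, 32);
  db[user] = { salt: salt.toString('hex'), digest: digest.toString('hex') };
}
function hardenedLogin(db, user, sentValue) {
  const rec = db[user];
  if (!rec || typeof sentValue !== 'string') return false;
  const candidate = nodeCrypto.scryptSync(sentValue, Buffer.from(rec.salt, 'hex'), 32);
  // Both buffers are 32 bytes, as timingSafeEqual requires.
  return nodeCrypto.timingSafeEqual(candidate, Buffer.from(rec.digest, 'hex'));
}

// Constructed scenario: the value read from the password column is submitted
// as the login value against each design.
function storedValueLogsIn() {
  const naiveDb = {}, hardenedDb = {};
  naiveRegister(naiveDb, 'alice', 'correct horse');
  hardenedRegister(hardenedDb, 'alice', 'correct horse');
  return {
    naive: naiveLogin(naiveDb, 'alice', naiveDb.alice),
    hardened: hardenedLogin(hardenedDb, 'alice', hardenedDb.alice.digest),
    legitimate: hardenedLogin(hardenedDb, 'alice', clientHash('correct horse')),
  };
}
```

The replay by an eavesdropper that the post mentions is the same in both variants; only transport encryption (HTTPS) addresses that part.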
