Password Storage
Adam D. Ruppe via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Thu Nov 26 21:19:13 PST 2015
On Friday, 27 November 2015 at 02:05:49 UTC, H. S. Teoh wrote:
> For authentication, the password shouldn't even be sent over
> the wire. Instead, the server (which knows the correct
> password) should send a challenge to the client
Most web setups can't rely on that tho cuz of the lameness of
client side scripting...
But at least if the password is sent over https you don't have to
worry too much about the wire.
More information about the Digitalmars-d-learn
mailing list