Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8
Adam D. Ruppe
destructionator at gmail.com
Sat Apr 12 19:02:14 PDT 2014
On Saturday, 12 April 2014 at 21:18:26 UTC, Nick Sabalausky wrote:
> Never storing or transmitting password in plain text is not
> only basic, obvious and to be expected, but it is THE most
> basic, obvious and to-be-expected principle that exists in
> computer security.
... and it is also the most common way passwords are sent in
internet protocols.
* SMTP and HTTP will base64 encode it with their basic auth but
that's it
* web sites typically transmit it completely open
There's SSL now that gets more traction, but if you expect a
password NOT to be sent in something trivially converted to plain
text, wake up an smell the RFC.
More information about the Digitalmars-d
mailing list