Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

Adam D. Ruppe destructionator at gmail.com
Sat Apr 12 19:02:14 PDT 2014


On Saturday, 12 April 2014 at 21:18:26 UTC, Nick Sabalausky wrote:
> Never storing or transmitting password in plain text is not 
> only basic, obvious and to be expected, but it is THE most 
> basic, obvious and to-be-expected principle that exists in 
> computer security.

... and it is also the most common way passwords are sent in 
internet protocols.

* SMTP and HTTP will base64 encode it with their basic auth but 
that's it

* web sites typically transmit it completely open


There's SSL now that gets more traction, but if you expect a 
password NOT to be sent in something trivially converted to plain 
text, wake up and smell the RFC.
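
The point above about basic auth being encoding rather than protection, as an added example that is not part of the original post: a small audit helper that recovers credentials from HTTP Basic, SMTP AUTH PLAIN and an open form body with no key involved. The sample lines, account names and the `username`/`password` form field names are constructed assumptions.

```python
import base64
import binascii
from urllib.parse import parse_qs

def _b64(token):
    """Decode a base64 token to text; None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def recover_credentials(line):
    """Return (scheme, user, password) if the line carries reversible credentials."""
    line = line.strip()
    lower = line.lower()
    if lower.startswith("authorization: basic "):
        decoded = _b64(line.split(None, 2)[2])
        if decoded and ":" in decoded:
            # RFC 7617: user-id ":" password, split on the first colon only
            user, _, password = decoded.partition(":")
            return ("http-basic", user, password)
    elif lower.startswith("auth plain "):
        decoded = _b64(line.split(None, 2)[2])
        # RFC 4616: authzid NUL authcid NUL passwd
        if decoded and decoded.count("\x00") == 2:
            _, user, password = decoded.split("\x00")
            return ("smtp-auth-plain", user, password)
    elif "password=" in lower:
        # Form body sent in the open; field names are assumed for this example
        fields = parse_qs(line)
        if "password" in fields:
            return ("form-post", fields.get("username", [""])[0], fields["password"][0])
    return None

def audit(lines):
    """Collect every finding from a list of captured protocol lines."""
    return [hit for hit in map(recover_credentials, lines) if hit]

# Constructed sample input, encoded here so nothing depends on a real capture
CONSTRUCTED_LINES = [
    "Authorization: Basic " + base64.b64encode(b"alice:pw:with:colon").decode(),
    "AUTH PLAIN " + base64.b64encode(b"\x00bob\x00hunter2").decode(),
    "username=carol&password=letmein",
    "Authorization: Bearer not-a-password",
]

if __name__ == "__main__":
    for scheme, user, password in audit(CONSTRUCTED_LINES):
        print(f"{scheme}: user={user!r} password recovered ({len(password)} chars)")
```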

