Improving assert-printing in DMD

H. S. Teoh via Digitalmars-d digitalmars-d at puremagic.com
Wed Sep 30 07:49:33 PDT 2015


On Wed, Sep 30, 2015 at 08:30:47AM +0200, Jacob Carlborg via Digitalmars-d wrote:
> On 2015-09-29 23:32, Andrej Mitrovic via Digitalmars-d wrote:
> 
> >If you have plaintext passwords stored anywhere you are already
> >screwed. ;)
> 
> The password always starts out in plaintext, or do you hash it in the
> front end, as the user types? Since the back end shouldn't trust the
> front end, it needs to hash it again.
[...]

The right way to do it is for the server to send a random challenge
which the front end (presumably running on the user's machine) encrypts
with the password, sending the ciphertext back to the server.  The
plaintext password is never sent over the wire, yet the only way the client
can provide the correct response is if it knows the password to begin
with.


T

-- 
LINUX = Lousy Interface for Nefarious Unix Xenophobes.
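
The exchange described above, as an added example that is not part of the original post: instead of encrypting the challenge with the password, it computes an HMAC-SHA256 over the challenge, keyed with a PBKDF2-derived key. The class and function names, the per-user salt and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 cost, not a value from the post


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a MAC key; both sides run the same derivation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Server:
    def __init__(self):
        # username -> (salt, key). The stored key is password-equivalent:
        # whoever reads it can answer challenges, so protect it like a password.
        self.users = {}
        self.pending = {}  # username -> challenge still awaiting a response

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))

    def begin(self, user: str):
        """Issue a fresh random challenge; the salt is public and sent with it."""
        salt, _ = self.users[user]
        challenge = secrets.token_bytes(32)
        self.pending[user] = challenge
        return salt, challenge

    def finish(self, user: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against it.
        challenge = self.pending.pop(user, None)
        if challenge is None:
            return False
        _, key = self.users[user]
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_respond(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Client side: only the MAC over the challenge crosses the wire."""
    return hmac.new(derive_key(password, salt), challenge, hashlib.sha256).digest()


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "constructed-sample-password")
    salt, challenge = srv.begin("alice")
    print(srv.finish("alice", client_respond("constructed-sample-password", salt, challenge)))
```
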

