Improving assert-printing in DMD
John Colvin via Digitalmars-d
digitalmars-d at puremagic.com
Wed Sep 30 09:14:59 PDT 2015
On Wednesday, 30 September 2015 at 14:53:31 UTC, H. S. Teoh wrote:
> On Wed, Sep 30, 2015 at 08:30:47AM +0200, Jacob Carlborg via
> Digitalmars-d wrote:
>> On 2015-09-29 23:32, Andrej Mitrovic via Digitalmars-d wrote:
>>
>> >If you have plaintext passwords stored anywhere you are
>> >already screwed. ;)
>>
>> The password always starts out in plaintext, or do you hash it
>> in the front end, as the user types? Since the back end
>> shouldn't trust the front end, it needs to hash it again.
> [...]
>
> The right way to do it is for the server to send a random
> challenge which the front end (presumably running on the user's
> machine) encrypts with the password, sending the ciphertext
> back to the server. The plaintext password is never sent over
> the wire, yet the only way the client can provide the correct
> response is if it knows the password to begin with.
>
>
> T
Right. Nonetheless, sometimes code does have to work with
sensitive data and you don't want it to leak outside the program
in unexpected ways.
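
The challenge-response exchange described in the quoted reply, as an added example that is not part of the original thread. It assumes HMAC-SHA256 over the challenge in place of "encrypting" it, and a PBKDF2-derived key; the names `derive_key`, `client_response`, `Server` and `demo`, the salt and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not from the thread.
SALT = b"per-user-salt-01"
PBKDF2_ROUNDS = 100_000


def derive_key(password: str, salt: bytes = SALT) -> bytes:
    """Stretch the password into the key both sides use."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def client_response(password: str, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the password without sending it."""
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, stored_key: bytes):
        # The stored key is password-equivalent for this protocol,
        # so it needs the same protection a password would.
        self._key = stored_key
        self._pending = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is accepted once, so a captured response cannot be replayed.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> tuple:
    server = Server(derive_key("correct horse"))
    c1 = server.new_challenge()
    good = client_response("correct horse", c1)
    ok, replayed = server.verify(c1, good), server.verify(c1, good)
    c2 = server.new_challenge()
    return ok, replayed, server.verify(c2, client_response("wrong guess", c2))
```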