Y
Hacker News
new
|
ask
|
show
|
jobs
by
mollmerx
3803 days ago
The passwords are generated on the client.
1 comments
rnhmjoj
3803 days ago
What if someone is listening to your traffic and injects a script which sends generated passwords to a server? http only is a bad idea in this case.
link