|
|
|
|
|
|
by mikeash
3644 days ago
|
|
|
I'd agree if the client in some way exists independently of the server. For example, if you have a smartphone app, then client-side hashing could be useful. But for a web page, what's the point? The server is in full control of the JavaScript they send you. If the server is compromised, it can easily bypass the client-side hashing by sending your browser different code. |
|
|