by kstrauser 3643 days ago
Yes, but then the attacker can ignore your JavaScript and just send the hash value they got from the dump. If you calculate hash(password) and send that for comparison to the hashed password stored in the user database, then hash(password) is your password from then on.
1 comments

Yes, but they can't then use the dumped passwords on 300 other websites.
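
Added example, not part of either comment above: a Python sketch of the two points in this thread, showing that a server which only compares the client-sent hash to its stored copy accepts the dumped value as-is, while the dump still does not contain the plaintext password. SHA-256 as the client-side hash, the class and function names, the sample password, and the server-side PBKDF2 rehash (a variant that goes beyond the thread by treating the submitted hash as the password) are assumptions introduced here.

```python
import hashlib
import hmac
import os

PASSWORD = "correct horse battery staple"  # constructed sample value

def client_hash(password):
    # Stand-in for the client-side JavaScript; SHA-256 is an assumption.
    return hashlib.sha256(password.encode()).hexdigest()

class CompareOnlyServer:
    """Stores what the client sends and compares later submissions to it."""
    def __init__(self):
        self.db = {}
    def register(self, user, submitted):
        self.db[user] = submitted
    def login(self, user, submitted):
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), submitted.encode())
    def dumped_value(self, user):
        return self.db[user]  # what a database dump exposes

class RehashingServer(CompareOnlyServer):
    """Treats the submitted hash as the password: salts and hashes it again."""
    def _derive(self, submitted, salt):
        return hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, 100_000)
    def register(self, user, submitted):
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(submitted, salt))
    def login(self, user, submitted):
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(submitted, salt))
    def dumped_value(self, user):
        return self.db[user][1].hex()

def replay_accepted(server):
    """Register with the client hash, then submit the dumped value unchanged."""
    server.register("alice", client_hash(PASSWORD))
    assert server.login("alice", client_hash(PASSWORD))  # normal login works
    return server.login("alice", server.dumped_value("alice"))

if __name__ == "__main__":
    print("compare-only accepts dumped value:", replay_accepted(CompareOnlyServer()))
    print("rehashing accepts dumped value:", replay_accepted(RehashingServer()))
```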