by Isinlor 2786 days ago
Why would you want to see the actual user password if you can not see it?

If you see a password you can leak it by screwing up in a number of ways. If you never see a password you just can't leak it.

E.g. Twitter recently discovered that they were storing passwords in plaintext in logs, and GitHub had a similar issue.

Take a look here: https://arstechnica.com/information-technology/2018/05/twitt...

Of course, a hash that you will receive from the client should be treated as a normal password, including all good practices.
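
An added example, not part of the original comment: a Python sketch of a server that treats the client-supplied hash as the password, salting and stretching it again before storage and redacting it from log events. The function names, the `example.test` salt prefix and the iteration counts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SERVER_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
CLIENT_ITERATIONS = 100_000  # assumed; this step would run in the browser

def client_prehash(password: str, username: str) -> bytes:
    """Simulates what the client sends instead of the raw password."""
    # Constructed per-site, per-user salt so the same password differs across sites.
    salt = b"example.test|" + username.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, CLIENT_ITERATIONS)

def enroll(client_hash: bytes) -> dict:
    """The received hash is the credential: salt it and hash it again before storing."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", client_hash, salt, SERVER_ITERATIONS)
    return {"salt": salt, "hash": stored}

def verify(record: dict, client_hash: bytes) -> bool:
    """Recompute from the submitted hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", client_hash, record["salt"], SERVER_ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])

def redact(event: dict) -> dict:
    """Drop credential fields before an event reaches the logs.

    The client hash is listed too: anyone holding it can log in with it.
    """
    sensitive = {"password", "client_hash"}
    return {k: ("[REDACTED]" if k in sensitive else v) for k, v in event.items()}

if __name__ == "__main__":
    submitted = client_prehash("correct horse", "alice")  # constructed sample input
    record = enroll(submitted)
    print("login ok:", verify(record, submitted))
    print("log line:", redact({"user": "alice", "client_hash": submitted}))
```

Because the stored value is a second hash of the submitted one, a copy of the database record cannot be sent back as a login credential.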