by angstrom 2625 days ago
Gateways filter that before internal services see anything. There's not any reason to be playing with passwords beneath the Authentication layer. Credentials should be exchanged for the customer identity and expirable nonce. If that mistake happened in the authentication/authorization layer then it becomes a big question of competence.
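The pattern described in the comment above, as an added example that is not part of the original comment: a gateway verifies the password, strips credential fields, and forwards only a customer identity and an expiring nonce. All names here (`gateway`, `resolve`, `CREDENTIAL_FIELDS`, the sample user and in-memory stores) are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: one user whose password is stored as a salted PBKDF2 hash.
_SALT = secrets.token_bytes(16)

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

_USERS = {"alice": ("cust-1001", _hash("correct horse"))}
_SESSIONS = {}  # nonce -> (customer_id, expiry in epoch seconds)
CREDENTIAL_FIELDS = {"username", "password"}  # never forwarded past the gateway

def gateway(request, now=None, ttl=300):
    """Authenticate at the edge. Returns the request to forward internally, or None."""
    now = time.time() if now is None else now
    record = _USERS.get(request.get("username"))
    supplied = _hash(str(request.get("password", "")))
    # Compare against a dummy value for unknown users so both paths do the same work.
    expected = record[1] if record else bytes(len(supplied))
    if not hmac.compare_digest(supplied, expected) or record is None:
        return None
    nonce = secrets.token_urlsafe(32)
    _SESSIONS[nonce] = (record[0], now + ttl)
    # Internal services receive identity + nonce; the credentials stop here.
    forwarded = {k: v for k, v in request.items() if k not in CREDENTIAL_FIELDS}
    forwarded.update(customer_id=record[0], nonce=nonce)
    return forwarded

def resolve(nonce, now=None):
    """Called by an internal service: nonce -> customer id, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = _SESSIONS.get(nonce)
    if entry is None:
        return None
    customer_id, expiry = entry
    if now >= expiry:
        _SESSIONS.pop(nonce, None)  # expired nonces are discarded, not reused
        return None
    return customer_id
```
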