Hacker News
by badmonkey0001 5476 days ago
POST can be sniffed and is only slightly less vulnerable than GET. HTTPS at a dedicated address should be a minimum level of security for a login form. Anything else is readily vulnerable to sniffing or spoofing.
1 comments

Properly implementing hashed passwords with challenge-response will protect your login, though your session information can still be sniffed.
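A minimal sketch of the challenge-response login mentioned in the reply above, added here as an illustration and not part of the original thread. The class and function names, the PBKDF2 parameters and the credentials are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed work factor for the demo

def derive_key(password: str, salt: bytes) -> bytes:
    """Password hash held by the server (stored) and recomputed by the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def respond(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the password hash without sending it."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

class LoginServer:
    def __init__(self):
        self.users = {}      # username -> (salt, stored key)
        self.pending = {}    # username -> outstanding one-time nonce

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        # Note: the stored key is password-equivalent in this scheme.
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user):
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return self.users[user][0], nonce

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)   # single use: a replay finds no nonce
        if nonce is None:
            return None
        expected = hmac.new(self.users[user][1], nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return secrets.token_urlsafe(32)       # session token, a bearer secret

def demo():
    server = LoginServer()
    server.register("alice", "correct horse")          # constructed credentials
    salt, nonce = server.challenge("alice")
    captured = respond("correct horse", salt, nonce)   # what a sniffer would see
    session = server.verify("alice", captured)
    replay = server.verify("alice", captured)          # same bytes, nonce spent
    server.challenge("alice")                          # fresh nonce issued
    stale = server.verify("alice", captured)           # old response, new nonce
    return session, replay, stale
```

The captured response is useless once its nonce is consumed, but the session token returned by `verify` is a plain bearer value, so it is exposed on the wire unless the connection itself is encrypted.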