Hacker News new | ask | show | jobs
by born2discover 1525 days ago
I believe they are referencing the fact that upon a login attempt the server does receive a plaintext password per se.

Usually it is stored in memory only long enough to compare it to the hashed version from the persistence layer but... that's in theory.
1 comments
tuwtuwtuwtuw 1525 days ago
When it comes to memory then it will typically be stored longer than necessary due to how garbage collection works in 99% of all of web applications.
link