Hacker News
by ircmaxell 1214 days ago
True, but in this case if you can write an invalid hash into a database, you can likewise write a valid one, and as such this doesn't really enable anything.

The one thing this does get you is that the original password would still work (technically any password would still work) so it may make it harder to detect since the user wouldn't "suddenly be locked out"...

1 comments

Which is one thing it enables: silent co-use. If your goals are related to long-term use or surveillance, this is useful.