Y
Hacker News
new
|
ask
|
show
|
jobs
by
jesprenj
874 days ago
WAF always sees unhashed passwords -- passwords are sent TLS encrypted in a POST body (unhashed) and are hashed by the server software -- and that's regardless of the password policy.