|
|
|
|
|
|
by wkat4242
878 days ago
|
|
|
These are SQL commands. The WAF would see the password unless you pre-hash it on the client side in JavaScript (not a bad idea). But the database really should never ever see the plaintext password. If it does you're doing a lot more wrong than just being open to SQL injection. |
|
|