Y
Hacker News
new
|
ask
|
show
|
jobs
by
thih9
374 days ago
It can be done server side too, the old password can be sent along the new one and the server can verify it.
1 comments
dspillett
370 days ago
Yes, what I meant to say that it doesn't even have to be done server-side, so the fact it happens doesn't imply the server ever sees the old password beyond it's initial setting.
link