by JshWright
4864 days ago
>- Naive authentication. - Unsalted, fast hash sent in the URL. - Password stored in clear text server side. I don't understand the point of hashing the password in the client anyway... The hash is as good as the password to an attacker.
It would be possible to use a challenge response authentication scheme (http://en.wikipedia.org/wiki/Challenge%E2%80%93response_auth...) but just doing things over HTTPS is generally fine.
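
The difference between the two schemes discussed above, as an added example that is not part of the thread: a static client-side hash is accepted again when replayed, while an HMAC response bound to a single-use server nonce is not. The password, the class and function names, and the use of SHA-256 as the "fast hash" are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse battery staple"  # constructed sample credential


def static_hash_login(sent_hash: str) -> bool:
    """Scheme criticised above: the client sends hash(password) as its credential."""
    # SHA-256 stands in for the unsalted, fast hash (assumption; thread names none).
    expected = hashlib.sha256(PASSWORD.encode()).hexdigest()
    return hmac.compare_digest(sent_hash, expected)


class ChallengeResponseServer:
    """Issues single-use nonces and verifies HMAC(secret, nonce)."""

    def __init__(self, secret: bytes):
        self._secret = secret      # server still holds a password-equivalent secret
        self._outstanding = set()  # nonces issued and not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False           # unknown or already-used nonce: replay rejected
        self._outstanding.discard(nonce)
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(secret: bytes, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo() -> dict:
    # What an observer of the URL would capture under the static scheme.
    captured = hashlib.sha256(PASSWORD.encode()).hexdigest()
    server = ChallengeResponseServer(PASSWORD.encode())
    n1 = server.challenge()
    r1 = client_response(PASSWORD.encode(), n1)
    n2 = server.challenge()
    return {
        "static_replay_accepted": static_hash_login(captured),
        "first_login": server.verify(n1, r1),
        "same_nonce_replay": server.verify(n1, r1),
        "old_response_new_nonce": server.verify(n2, r1),
    }
```

Challenge-response stops replay of a captured response but does not protect the rest of the session, which is why HTTPS remains the usual answer.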