by nevinera
4691 days ago
I believe the standard approach is to hash the password in the browser and submit the hash for comparison - then if somebody observes the transaction they will only have gained access to the blog, and not everything with which it shares a password. On the other side, it is typically better not to store the password on the server either. You could accomplish that by giving a utility to store a hash in a file, but that's a bit heavy I guess. I meant for a nonprofessional /blogger/, incidentally, not a nonprofessional coder :-)