Hacker News new | ask | show | jobs
by aianus 4374 days ago
> Having the user send their password over a non-SSL connection when they choose it in the very first place is also less-than-perfect security.

Who does that? That's even worse than storing it in plain text on the backend.
1 comments
oneeyedpigeon 4374 days ago
The first site [1] on the blog in question, for example.

[1] http://www.assosfactoryoutlet.com/customer/account/create/

link