Hi guys,
I have a doubt, may be you have a clear vision about this point :
is it the server responsability to compare the user's password against
an encrypted form or should the client encrypt the password before
sending it to the server ?
I mean, we can have one of those two possibilities :
1) [client] --(clear password)--> <network> --> [server] --> encrypt the
password and compares it to the stored encrypted password
or
2) [client] --(encrypt password)--> <network> [server] --> compares the
encrypted password and compares it to the stored encrypted password
?
Emmanuel
PS : we have solution 1 currently implemented. Is it correct ?
