On Saturday, 12 April 2014 at 21:18:26 UTC, Nick Sabalausky wrote:
> Never storing or transmitting password in plain text is not
> only basic, obvious and to be expected, but it is THE most
> basic, obvious and to-be-expected principle that exists in
> computer security.
... and it is also the most common way passwords are sent in
internet protocols.
* SMTP and HTTP will base64 encode it with their basic auth but
that's it
* web sites typically transmit it completely open
There's SSL now that gets more traction, but if you expect a
password NOT to be sent in something trivially converted to plain
text, wake up and smell the RFC.
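
The point about base64 in HTTP and SMTP auth, as an added example that is not part of the original post: both encodings reverse without any key, so only the transport (TLS) protects the password. The function names and the sample lines are assumptions made for this illustration.

```python
import base64

def _b64(token):
    try:
        return base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def decode_http_basic(line):
    """'Authorization: Basic <b64(user:pass)>' -> (user, password) or None."""
    name, _, value = line.partition(":")
    scheme, _, token = value.strip().partition(" ")
    if name.strip().lower() != "authorization" or scheme.lower() != "basic":
        return None
    raw = _b64(token)
    if raw is None or b":" not in raw:
        return None
    user, _, password = raw.partition(b":")  # the password may itself contain ':'
    return user.decode("utf-8", "replace"), password.decode("utf-8", "replace")

def decode_smtp_plain(line):
    """'AUTH PLAIN <b64(authzid NUL authcid NUL passwd)>' -> (user, password) or None."""
    parts = line.split()
    if len(parts) != 3 or [p.upper() for p in parts[:2]] != ["AUTH", "PLAIN"]:
        return None
    raw = _b64(parts[2])
    fields = raw.split(b"\x00") if raw is not None else []
    if len(fields) != 3:
        return None
    return fields[1].decode("utf-8", "replace"), fields[2].decode("utf-8", "replace")

def exposed_credentials(lines):
    """Return (protocol, user, password) for every line whose credentials decode."""
    decoders = (("http-basic", decode_http_basic), ("smtp-plain", decode_smtp_plain))
    found = []
    for line in lines:
        for proto, decoder in decoders:
            creds = decoder(line)
            if creds:
                found.append((proto, *creds))
    return found

# Sample protocol lines embedded for the example (not captured traffic).
SAMPLE_LINES = [
    "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
    "AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ=",
    "Authorization: Bearer not-a-basic-credential",
]
```

Calling `exposed_credentials(SAMPLE_LINES)` returns the user name and password for the first two lines and skips the third, which is not a Basic credential.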