It's very interesting!, anyone knows?
On 8 jul, 22:20, Offsky <[email protected]> wrote: > I noticed with Gmail that if I am offline for an extended period of > time, it will ask me for my password again. I can understand the > security benefit from this (suppose you lost your laptop), but I don't > understand how to do it in my application. > > When online, I hash the password and compare this to the hashed > password in my database. The hash is a secret, so I don't want to > transfer this to the client. I also don't want to store the password > on the client in plain text. And regardless of whatever mechanism I > choose to use, it is quite easy to get around this by modifying the > local javascript, or by looking at the unencrypted database file on > the local computer. So is it really necessary to authenticate the > user while offline? How does Gmail do it?
