On Wed, Dec 29, 2010 at 07:00, David Hutto <smokefl...@gmail.com> wrote: > Correct me if I'm wrong, but If you initially type the username and > password into a file, and you have, in my paranoid scenario, a > keylogger you don't know about, it get's logged, but also, i assume it > would get logged if you typed it in as well, on the site, or that > someone could lift the password if given the authority on your system, > correct? >
There is little us as serverside programmers can do when the user's system is already compromised. However, securing the password down the wire is certainly our job. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
