On Oct 27, Alexander Burger scribed:

> Why not?
> Nobody could stop me anyway. I could trace the program during execution,
> for example, to get the passwords.

Pardon me for jumping in (short time lurker; reading the archives alot).
In general, I've always designed systems with passwords stored in a
database as a one-way hash so that if the database gets compromised,
you're not giving up users' passwords (it's a PITA to tell everyone to
change their password).  I encrypt the passwords in the browser (using the
same algorithm) and always transmit an encrypted password.  There's no
place to peek.  I provide a one-time link to a password reset page if they
forgot their password.  That's sent to the email on file (which they gave

UNSUBSCRIBE: mailto:picol...@software-lab.de?subject=unsubscribe

Reply via email to