On Oct 27, Alexander Burger scribed:
> Why not?
> Nobody could stop me anyway. I could trace the program during execution,
> for example, to get the passwords.
Pardon me for jumping in (short time lurker; reading the archives alot).
In general, I've always designed systems with passwords stored in a
database as a one-way hash so that if the database gets compromised,
you're not giving up users' passwords (it's a PITA to tell everyone to
change their password). I encrypt the passwords in the browser (using the
same algorithm) and always transmit an encrypted password. There's no
place to peek. I provide a one-time link to a password reset page if they
forgot their password. That's sent to the email on file (which they gave