> In general, I've always designed systems with passwords stored in a
> database as a one-way hash so that if the database gets compromised,
> you're not giving up users' passwords (it's a PITA to tell everyone to
> change their password). I encrypt the passwords in the browser (using
> the same algorithm) and always transmit an encrypted password.
> There's no place to peek. I provide a one-time link to a password
> reset page if they forgot their password. That's sent to the email on
> file (which they gave me).
not sure if I understand it well but it seems to me that your hash
becomes the password. In other words, if I find out the hash, I can log
in (e.g. using my own client).