[...] your server side is going to handle the un
> and cleartext pw and ask some service to validate >> the combination. >> > > Whoa. How do you manage comparing against a clear text pwd when you have > salted hashes in your DB? You /do/ have salted hashes, do you? > > ;-) > > Well, either your server or your service that you are delegating to has to perform the one way hash with the salt...if that's the way you (or the service) is storing them. :) But I think you already knew that... ;-)
