[Seaside] Proper password hashing

Peter Kwangjun Suk peter.kwangjun.suk at gmail.com
Tue Apr 12 03:05:54 UTC 2011

On Sun, Apr 10, 2011 at 9:21 PM, Boris Popov, DeepCove Labs
<boris at deepcovelabs.com> wrote:
> Peter,
> Even if you salt it, the attacker had sniffed the legit user's session key or cookie already. MITM FTW.

True that, but I think that most would bother, while a >plaintext
password< is a bit too glaring a target.  So something a step
more secure than plaintext is what I'm looking for, just to keep
kiddies away from my dev server.  I'll probably be implementing SSL
eventually anyhow.


There's neither heaven nor hell,
save what we grant ourselves.
There's neither fairness nor justice,
save what we grant each other.

