[Seaside] Proper password hashing
Peter Kwangjun Suk
peter.kwangjun.suk at gmail.com
Tue Apr 12 03:05:54 UTC 2011
On Sun, Apr 10, 2011 at 9:21 PM, Boris Popov, DeepCove Labs
<boris at deepcovelabs.com> wrote:
> Peter,
>
> Even if you salt it, the attacker had sniffed the legit user's session key or cookie already. MITM FTW.
True that, but I think that most would bother, while a >plaintext
password< is a bit too glaring a target. So something a step
more secure than plaintext is what I'm looking for, just to keep
kiddies away from my dev server. I'll probably be implementing SSL
eventually anyhow.
--Peter
--
There's neither heaven nor hell,
save what we grant ourselves.
There's neither fairness nor justice,
save what we grant each other.