8 Nov
2005
8 Nov
'05
7:58 p.m.
Konstantin Käfer wrote:
Hello,
Why should sending the password hashed increase security? Just get the hashed password and provide that to the script (of course not by entering it in the password field but by "faking" the HTTP POST values).
the opriginal post already covered this. see below.
While an attacker can still use it for logging in to the drupal site this prevents to reuse the password on other sistems where the user has an account.