[drupal-devel] Securing Login: MD5 password hashing
using javascript
Moshe Weitzman
weitzman at tejasa.com
Tue Nov 8 18:58:47 UTC 2005
Konstantin Käfer wrote:
> Hello,
>
> Why should sending the password hashed increase security? Just get the
> hashed password and provide that to the script (of course not by
> entering it in the password field but by "faking" the HTTP POST
> values).
the opriginal post already covered this. see below.
>>>While an attacker can still use it for logging in to the drupal site
>>>this prevents to reuse the password on other sistems where the user
>>>has an account.
More information about the development
mailing list