Web Application Security
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: At what layer to hash a password
Jun 26 2010 05:02PM
Javier Bassi (javierbassi gmail com)
If I'm not wrong, some forums like vBulletin when you login, they send
in plain/text. If you want double encrpytion, when the pass reach the
db, you could apply a salt to that md5
On the negative ...
[ more ]
Copyright 2010, SecurityFocus