What about one-way hash?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

What about one-way hash?

Norbert Pfaff-2
Hi,

one of our customers has had a security check, which included also our web-app.

They write our passwords are not encrypted in the database, so that if aggressor has access to the preferences of a user, he can see the password in the html-code.

They say we should save the password as a one-way hash.  (Argon2)


What would you do?

Grüße/regards
Norbert
       
Norbert Pfaff
Hammelstalstr. 52
67098 Bad Dürkheim

Fon: 06322 9108028
Skype:    npfaff
eMail: [hidden email]



_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/