Hi, one of our customers has had a security check, which included also our web-app.
They write our passwords are not encrypted in the database, so that if aggressor has access to the preferences of a user, he can see the password in the html-code. They say we should save the password as a one-way hash. (Argon2) What would you do? Norbert Pfaff Hammelstalstr. 52 67098 Bad Dürkheim Fon: 06322 9108028 Skype: npfaff eMail: [email protected] _______________________________________________ Active4D-dev mailing list [email protected] http://list.aparajitaworld.com/listinfo/active4d-dev Archives: http://active4d-nabble.aparajitaworld.com/
