Hi,
one of our customers has had a security check, which included also our web-app.
They write our passwords are not encrypted in the database, so that if
aggressor has access to the preferences of a user, he can see the password in
the html-code.
They say we should save the password as a one-way hash. (Argon2)
What would you do?
Grüße/regards
Norbert
Norbert Pfaff
Hammelstalstr. 52
67098 Bad Dürkheim
Fon: 06322 9108028
Skype: npfaff
eMail: [email protected]
_______________________________________________
Active4D-dev mailing list
[email protected]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
