Jean-Marc Desperrier wrote: > > Could be nice to do that, so there would be no way from javascript to > get the original value the user has typed.
Thats one point, however as you wrote if the page itself is altered there is already a much bigger problem, therefore the primary idea behind the hashing is to prevent that the plain text password is transmitted over the network. Alexander _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
