Passwords, now ∞% better


Back to topics list
[post:517#5063]
Rebecca

05/19/2011 03:00 PM

Reviews: 23
Posts: 771

So I changed how passwords are handled on the site. They used to be dealt with pretty cavalierly and this has been tightened up in a few ways:

1. Passwords are no longer stored in cleartext. Now we store a salted hash of your password-- that is, a number derived from your password in such a way that no one can deduce your password from it. It used to be that if you forgot your password, it would actually send it to you in email. Now it will generate a new password for you and send that.

2. Passwords are no longer transmitted in cleartext. Now the login page generates a hash of your password and sends that to the server. (Unless, of course, you don't have JavaScript. Logins will still work, but your password will be sent in cleartext to the server.)

The overall result is that the only time the server actually knows your password is when it generates one for you. And if you set your own password, it never knows it.

Reply to this topic Start a new topic
Back to topics list

Community Anime Reviews

anime mikomi org