General information
Category:
Coding, syntax & commands
Environment versions
OS:
Windows Server 2012 R2
Network:
Windows Server 2012 R2
Virtual environment:
VMWare
Hi Marco,
did you mean it is just "as insecure"? below?
As far a changing code, I can do whatever on the client side. On the server side, I don't know what the programmer on that system can do yet - we have talked about encrypting the documents (using AES) but have not yet talked about the problem with the credentials.
Albert
>Hi Albert, passing an encrypted password is as secure as passing the password itself, since
> nothing prevents a hacker to use the encrypted password to gain access to your server.
>
>You better implement some type of digest authentication, this way you don't store nor
>send passwords, but hashed strings wich change on every request.
>
>( but you don't specify if you can change both server and client code. )
Previous
Next
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only