Information générale
Catégorie:
Codage, syntaxe et commandes
Versions des environnements
OS:
Windows Server 2012 R2
Network:
Windows Server 2012 R2
Virtual environment:
VMWare
Hi Marco,
did you mean it is just "as insecure"? below?
As far a changing code, I can do whatever on the client side. On the server side, I don't know what the programmer on that system can do yet - we have talked about encrypting the documents (using AES) but have not yet talked about the problem with the credentials.
Albert
>Hi Albert, passing an encrypted password is as secure as passing the password itself, since
> nothing prevents a hacker to use the encrypted password to gain access to your server.
>
>You better implement some type of digest authentication, this way you don't store nor
>send passwords, but hashed strings wich change on every request.
>
>( but you don't specify if you can change both server and client code. )
Précédent
Suivant
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement