[WEB SECURITY] username & pw in clear-text through SSL considered safe?

wilke rodriquez wilkepower at msn.com
Sun Jun 15 21:28:46 EDT 2008


Hi All,
 
I recently came across a website that passed the user credentials through the HTTP header in clear-text but via HTTPS.
Is this practice considered secure?  
Would this also show that the passwords are being stored in clear-text and not encrypted with a salt value in the db?
It seems to me there are a few more secure options when dealing with authentication. What do you all suggest as the best for a low-user (fewer than 10) system?
The system does need added security due to the contents.
 
Thanks