[WEB SECURITY] username & pw in clear-text through SSL considered safe?
wilkepower at msn.com
Sun Jun 15 21:28:46 EDT 2008
I recently came across a website that passed the user credentials through the http header in clear-text but via https.
Is this practice considered secure?
Would this also show that the passwords are being stored in clear-text and not encrypted with a salt value in the db?
It seems to be there are a few more secure options when dealing with authentication what do you all suggest as the best for a low user (less than 10) system?
The system does need added security due to the contents.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity