clemdawg

3 points 1 year ago* (last edited 1 year ago) (1 children)

Please forgive me as I haven’t coded anything in 15ish years but even when making shitty PHP message boards back in the day we would always hash and salt passwords. The server would never see a plain text version of your password.

HTTPS is nice but that doesn’t guarantee what the server is doing with my plain text password.

Edit: I just had the thought that when coding those message boards the PHP running on the server side would get a plain text password via POST, hash/salt it, then store that in a database to use for comparison later. So I guess the server did need it in plain text in that application. 🤷🏻‍♂️
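
The flow described in the edit above, sketched as an added example that is not part of the original comment and is written in Python rather than PHP: the server receives the plain text password from the POST body, derives a salted hash, stores only the salt and hash, and repeats the derivation at login. The `USERS` store, the function names and the sample credentials are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the users table: name -> (salt, digest).
USERS = {}

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the plain text the server received."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    """Handle a sign-up POST: the plain text exists only inside this call."""
    salt = os.urandom(16)  # fresh random salt per user
    USERS[username] = (salt, derive(password, salt))


def login(username: str, password: str) -> bool:
    """Handle a login POST: re-derive with the stored salt and compare."""
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which usernames exist.
        derive(password, b"\x00" * 16)
        return False
    salt, stored = record
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(stored, derive(password, salt))


if __name__ == "__main__":
    register("alice", "correct horse battery staple")  # constructed sample
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "wrong guess"))
```

What ends up in the store is the salt and the digest, so a copy of the database does not hand over the passwords directly, but the server process still handles the plain text for the length of each request.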