• 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 21st, 2023

help-circle
  • Please forgive me as I haven’t coded anything in 15ish years but even when making shitty PHP message boards back in the day we would always hash and salt passwords. The server would never see a plain text version of your password.

    HTTPS is nice but that doesn’t guarantee what the server is doing with my plain text password.

    Edit: I just had the thought that when coding those message boards the PHP running on the server side would get a plain text password via POST, hash/salt it, then store that in a database to use for comparison later. So I guess the server did need it in plain text in that application. 🤷🏻‍♂️