Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 17 of 17
  1. #16
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Location
    Urbana
    Posts
    4,273
    Thanks
    10
    Thanked 581 Times in 562 Posts
    Quote Originally Posted by zorba View Post
    I hope you two have calmed down now...Yes, I checked into SSL and think that is the way for me to go. The clients for my site have plenty of money, so the the cost of implementing SSL is of minimal concern.
    a sound plan. don't forget to multi-hash your db pw cols!

    i know the senior coders around here bicker like an old married couple, but we enjoy it, it's a nice break from easy-answer questions like "why does xxx only work the first time?"...
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/5/28) IE7:0.1, IE8:5.3, IE11:8.4, IE9:3.2, IE10:3.2, FF:18.2, CH:46, SF:7.9, NON-MOUSE:32%

  2. #17
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,590
    Thanks
    0
    Thanked 644 Times in 634 Posts
    Quote Originally Posted by zorba View Post
    I hope you two have calmed down now
    No one was upset so no one needs to calm down - we were just presenting different viewpoints.

    Yes hashing the password in JavaScript prevents the attacker being able to use it to break into other sites that don't use identical hashing.

    The main point that I was trying to make is that it provides no additional protection for your site the way SSL does because the hash is the password as far as your site is concerned (and if you allow for some of your users not having JavaScript then you need to allow for the original password to work as well which means there are two passwords that will work for each account).

    You need to weigh up the advantages and disadvantages in determining whether to implement the hashing - does making the page slower to load and your site slightly less secure in order to help protect your visitors against their own stupidity in reusing the same password on different sites worth it?
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


 
Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •