
The problem with this approach is that now someone on the backend will mistakenly think, "Hey, the password is already hashed by the client, let's just store that directly in the database!" And now you essentially have passwords stored in plain text.


If your backend and frontend engineers are that bad at communicating the API, then you probably already have a lot of security problems to begin with.
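An added example, not part of either comment above, showing the failure mode the first comment describes: a backend that stores the client-side hash as-is next to one that treats it as the password and hashes it again. All names, the `sha256(username:password)` client scheme, and the choice of PBKDF2 on the server are assumptions made for the illustration.

```python
import hashlib, hmac, os

def client_hash(password: str, username: str) -> bytes:
    # Assumed client-side scheme: what the browser sends instead of the raw password.
    return hashlib.sha256(f"{username}:{password}".encode()).digest()

class DirectStore:
    """Flawed backend: the submitted client hash is stored and compared as-is."""
    def __init__(self):
        self.db = {}
    def register(self, user, submitted):
        self.db[user] = submitted
    def login(self, user, submitted):
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored, submitted)

class RehashStore:
    """Hardened backend: the client hash is the password, so salt and hash it again."""
    def __init__(self):
        self.db = {}
    def _kdf(self, submitted, salt):
        return hashlib.pbkdf2_hmac("sha256", submitted, salt, 600_000)
    def register(self, user, submitted):
        salt = os.urandom(16)
        self.db[user] = (salt, self._kdf(submitted, salt))
    def login(self, user, submitted):
        row = self.db.get(user)
        if row is None:
            return False
        salt, stored = row
        return hmac.compare_digest(stored, self._kdf(submitted, salt))

def leaked_row_logs_in(store, user):
    """Check whether the value sitting in the database works as a login credential."""
    row = store.db[user]
    stored = row if isinstance(row, bytes) else row[1]
    return store.login(user, stored)

if __name__ == "__main__":
    user = "alice"                                   # constructed sample account
    submitted = client_hash("correct horse", user)   # constructed sample password
    for store in (DirectStore(), RehashStore()):
        store.register(user, submitted)
        print(type(store).__name__,
              "stored value is password-equivalent:", leaked_row_logs_in(store, user))
```

With `DirectStore`, whatever is in the database column is exactly what the login endpoint accepts, which is why the stored value is plaintext-equivalent even though it looks like a hash.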



