Sulaiman
Please correct me if I am wrong here.
When we put the username/password in a Forms Authentication web
application, usually the username/password is stored in cleartext, in the
client memory space. So what happens is that on a public computer, a hacker
can run a program like WinHex to read the memory space and get the
username/password.
Now, is there something that we can do on the server side to prevent this
sort of thing? I know that this is within the client boundary, but will hashing the
username/password using JavaScript make any difference?
I was thinking maybe, for
example:
HTTP REQUEST
HTTP.....
username:abc
password:test123
If we use JavaScript to hash the username/password,
the HTTP request that comes in will look like:
HTTP...
username:hash...
password:hash...
Will it work? Or is there any better way to do it?
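
The hashed request from the question, as an added example that is not part of the original post: a server check for the statically hashed form and, going beyond the post, a single-use nonce variant. SHA-256/HMAC, the field names, the function names and the way the sample account is stored are assumptions made for illustration.

```javascript
// Added example: field names, sample account and function names are assumptions.
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg, 'utf8').digest('hex');
const sameString = (a, b) => {
  const x = Buffer.from(a, 'utf8'), y = Buffer.from(b, 'utf8');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
};

// Constructed sample account from the post: abc / test123.
// The server keeps what the client will send: the hash of the password.
const users = new Map([[sha256('abc'), sha256('test123')]]);

// Scheme from the post: the page script hashes both fields before submitting.
function clientStaticForm(username, password) {
  return new URLSearchParams({ username: sha256(username), password: sha256(password) }).toString();
}
function serverStaticLogin(body) {
  const form = new URLSearchParams(body);
  const expected = users.get(form.get('username') || '');
  return expected !== undefined && sameString(form.get('password') || '', expected);
}

// Variant: the server issues a single-use nonce and the client answers with
// HMAC(key = hash(password), nonce), so a recorded request cannot be reused.
const openNonces = new Set();
function serverIssueNonce() {
  const nonce = crypto.randomBytes(16).toString('hex');
  openNonces.add(nonce);
  return nonce;
}
function clientChallengeForm(username, password, nonce) {
  return new URLSearchParams({
    username: sha256(username), nonce, proof: hmac(sha256(password), nonce),
  }).toString();
}
function serverChallengeLogin(body) {
  const form = new URLSearchParams(body);
  const nonce = form.get('nonce') || '';
  if (!openNonces.delete(nonce)) return false; // unknown or already used nonce
  const key = users.get(form.get('username') || '');
  return key !== undefined && sameString(form.get('proof') || '', hmac(key, nonce));
}
```

With the static form, the hashed fields are the same on every login, so the server accepts them again whenever they are resubmitted. In both variants the cleartext password is still typed into the browser before the script hashes it, so neither changes what is present in client memory.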