Closed GoogleCodeExporter closed 9 years ago
Ah yes. This is a bug. But since we will change the way password hashing is
done,
I'm not yet sure if the client-side hashing would still remain.
We implemented a client-side hashing so that the password being sent through an
unencrypted network is not plain.
Original comment by waldemar...@gmail.com
on 26 Aug 2008 at 1:16
Ah ic, I'll be looking forward to the new hashing...
Original comment by caket...@gmail.com
on 27 Aug 2008 at 2:34
How about we make this optional so that deployments which use SSL can turn-off
client-side hashing?
Original comment by djclue...@gmail.com
on 4 Feb 2009 at 2:44
I agree. Will make this an option during the installation.
Original comment by waldemar...@gmail.com
on 17 Feb 2009 at 3:12
Original comment by waldemar...@gmail.com
on 17 Mar 2009 at 5:59
Original comment by waldemar...@gmail.com
on 17 Mar 2009 at 5:59
Hashing of password in the client-side will be removed. Use of HTTPS is
recommended instead of client-side hashing. Also see issue53.
Original comment by waldemar...@gmail.com
on 16 Jun 2010 at 7:02
Original comment by aicapa...@gmail.com
on 19 Jun 2010 at 2:17
Original issue reported on code.google.com by
caket...@gmail.com
on 26 Aug 2008 at 9:05