simonstastny / Programvaresikkerhet

TDT4237 - Software Security

Secure password storage #16

Open simonstastny opened 12 years ago

simonstastny commented 12 years ago

Passwords are now stored as plaintext; we should store them hashed.

Consider http://codahale.com/how-to-safely-store-a-password/

simonstastny commented 12 years ago

Checking password in login.jsp is done using hashing functions.

Signup procedure should now save the chosen password as a hash.