Provide alternate user authentication mechanism
Provide a CRAM-MD5 or equivalent mechanism
Posted 07 March 2011 - 07:13 AM
The hashing of the password presented in the tutorials only helps against server compromise (DB theft), not against network sniffing. HTTPS is not always an available option, especially for virtual hosts.
Passwords would then have to be stored in plaintext on the server, but:
- if Yii is secure enough to protect against SQL injection and other vulnerabilities, this wouldn't be an issue
- simple network sniffing would be ineffective
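The CRAM-MD5 exchange (RFC 2195) requested above, as an added example that is not part of the original post and is not Yii code. The user store, host name and function names are assumptions made for illustration; the sample user, password and digest format follow RFC 2195.

```python
import hashlib
import hmac
import os
import time

# Constructed sample store. CRAM-MD5 needs the shared secret in recoverable
# form on the server, which is the plaintext-storage trade-off the post names.
USERS = {"tim": b"tanstaaftanstaaf"}


def make_challenge(pending, host="example.test"):
    """Server: issue a fresh, unpredictable challenge and remember it."""
    challenge = "<%s.%d@%s>" % (os.urandom(8).hex(), int(time.time()), host)
    pending.add(challenge)
    return challenge


def client_response(user, password, challenge):
    """Client: send user name and HMAC-MD5(password, challenge), not the password."""
    digest = hmac.new(password, challenge.encode(), hashlib.md5).hexdigest()
    return "%s %s" % (user, digest)


def server_verify(response, challenge, pending):
    """Server: accept only an outstanding challenge, once, with a matching digest."""
    if challenge not in pending:
        return False              # never issued, or already used (replay)
    pending.discard(challenge)    # single use, whatever the outcome
    user, _, digest = response.rpartition(" ")
    secret = USERS.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), digest.encode())


def demo():
    """One login followed by a replay of the sniffed response."""
    pending = set()
    challenge = make_challenge(pending)
    sniffed = client_response("tim", b"tanstaaftanstaaf", challenge)
    first = server_verify(sniffed, challenge, pending)
    replay = server_verify(sniffed, challenge, pending)
    return first, replay          # (True, False)
```

A captured challenge/response pair still allows offline guessing of weak passwords, and the exchange does not protect the session traffic that follows the login.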
Posted 08 March 2011 - 03:38 AM
Posted 08 March 2011 - 12:27 PM