
Looks nice. I’m uncomfortable pushing the password in plaintext to an unknown entity. I can always bcrypt the password locally before sending it through the API, but it would be great to see examples of this, to prevent devs from pushing secrets outside their zone of control.

Otherwise, I can see myself using this in some side-projects. Good work!




When I login/signup to a website, I'm always sending my password in plaintext to the server (obv. encrypted via TLS). What's the difference?


The difference is my customers don't have a first-party relationship with the data store that holds their password.

    browser -> www.example.com

    browser -> www.example.com -> Base
That's the biggest problem I see with this approach. The password will be seen by two parties instead of just one.
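
An added example, not part of any comment in this thread and not Base's API: one way the first-party site could forward a derived secret instead of the plaintext password, so the second party in the chain never sees it. It swaps the bcrypt mentioned above for the standard library's scrypt with a deterministic per-user salt (a random salt would give a different value at every login); `prehash`, `ThirdPartyStore`, `PEPPER` and the user names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample value; in practice a secret held only by www.example.com.
PEPPER = b"constructed-demo-pepper-not-a-real-secret"

def prehash(password: str, user_id: str, pepper: bytes = PEPPER) -> str:
    """Derive the value forwarded to the third party in place of the password.

    The salt is deterministic so login reproduces the signup value. It is
    derived per user from the pepper, so equal passwords differ across users
    and the output cannot be recomputed without the pepper.
    """
    salt = hmac.new(pepper, b"prehash-salt:" + user_id.encode(),
                    hashlib.sha256).digest()
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=32)
    return base64.urlsafe_b64encode(key).decode()

class ThirdPartyStore:
    """Hypothetical in-memory stand-in for the external auth service."""
    def __init__(self):
        self.seen = []    # every secret the third party ever received
        self.users = {}   # user_id -> digest of the forwarded secret

    def signup(self, user_id: str, secret: str) -> None:
        self.seen.append(secret)
        self.users[user_id] = hashlib.sha256(secret.encode()).hexdigest()

    def login(self, user_id: str, secret: str) -> bool:
        self.seen.append(secret)
        stored = self.users.get(user_id, "")
        candidate = hashlib.sha256(secret.encode()).hexdigest()
        return hmac.compare_digest(stored, candidate)

def demo():
    """Sign up, log in correctly, log in wrongly, then check for plaintext."""
    store = ThirdPartyStore()
    store.signup("alice", prehash("correct horse", "alice"))
    ok = store.login("alice", prehash("correct horse", "alice"))
    bad = store.login("alice", prehash("wrong guess", "alice"))
    leaked = any("correct horse" in s for s in store.seen)
    return ok, bad, leaked

if __name__ == "__main__":
    print(demo())
```

The derived value becomes the credential from the third party's point of view, and losing the pepper makes every stored account unverifiable.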



