Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
bawolff
on Feb 23, 2023
|
parent
|
context
|
favorite
| on:
PHP bug: Password_verify() always return true with...
I don't understand the scenario. You're saying this is bad if you hash on client side and compare to a plaintext password stored on the server?
I mean, i suppose, but such a setup is so broken does it matter?
jefftk
on Feb 23, 2023
[–]
I agree that this is broken, and loses much of the benefit of hashing. But this is the php ecosystem; I'd be surprised if no one was doing that!
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
I mean, i suppose, but such a setup is so broken does it matter?