
Stipulating all the other points you've made, exactly what is the purpose of hiding from a server a long random string generated by that server and useful only to that server?

Preventing someone else from getting that and using it on the server, especially if the service can rack up charges.

If you have the hash, you can log into the site (just not using the typical libraries), so it really doesn't add a lot of security. That's why I was wrong :-P

Yeah, I got there, just was confused about the digest thing.
