Peter Judge
Guest
You should at the very least be using HTTPS for the login page submissions. You should also not be using encryption for the credentials – rather use a (salted) hash (i.e. a one-way scrambling). Encryption means that the client needs a key and you should not be propagating your keys to browsers.