"body" is the char* variable that I use with CURLOPT_POSTFIELDS.

@angristan please don't tell me you're sending the password in plain text to the server - oh no

@angristan ah I see, nice! I was worried for a second there 👀

@valiant @angristan Normally when logging in to a service, you would send the username and password just as they are to the server (over a TLS-protected connection of course, but anyway), there is not really any other way to do it

@valiant @angristan The server needs to receive the plain password so it can then hash it and compare it to the password hash in the database

The server can't accept a password hash from the client, because if it did then an attacker who stole the hashes from the database could just log in by sending the hash (negating the purpose of hashing in the first place)

And encrypting the password before sending it isn't necessary because TLS already encrypts it before sending
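The point made in the posts above, as an added example that is not part of the thread: a login check that hashes the received password on the server, next to one that trusts a hash sent by the client. The function names, the in-memory `db`, the PBKDF2 parameters and the sample account are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(db: dict, user: str, password: str) -> None:
    salt = os.urandom(16)
    db[user] = (salt, hash_password(password, salt))


def login_plain(db: dict, user: str, password: str) -> bool:
    """Server receives the password (over TLS) and hashes it itself."""
    if user not in db:
        return False
    salt, stored = db[user]
    return hmac.compare_digest(stored, hash_password(password, salt))


def login_client_hash(db: dict, user: str, client_hash: bytes) -> bool:
    """Flawed variant: server compares a hash computed by the client."""
    if user not in db:
        return False
    _, stored = db[user]
    return hmac.compare_digest(stored, client_hash)


def demo() -> dict:
    db = {}
    register(db, "alice", "correct horse battery staple")  # constructed account
    _, leaked_hash = db["alice"]  # what a database leak would expose
    return {
        "plain_correct": login_plain(db, "alice", "correct horse battery staple"),
        "plain_wrong": login_plain(db, "alice", "guess"),
        # Server-side hashing: the leaked hash is hashed again and does not match.
        "plain_with_leaked_hash": login_plain(db, "alice", leaked_hash.hex()),
        # Client-side hashing: the leaked hash is itself the credential.
        "client_hash_with_leaked_hash": login_client_hash(db, "alice", leaked_hash),
    }


if __name__ == "__main__":
    print(demo())
```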

@vurpo @angristan I am completely aware of how it would work, hence my comment in the first place. It is never safe to assume someone will always use TLS. If you use TLS, it is not going in plain text...

@valiant @angristan Oh, in that case I misinterpreted your previous response

@vurpo @angristan yeah it's all good, they responded that it was just a test anyway. Appreciate the explanation too, useful for someone who doesn't understand it. :blobheart:
