Vigge93@lemmy.world to Cybersecurity - Memes@lemmy.world • Uh oh, somebody's not following best practices, that's a paddlin • 24 days ago

That would be an extremely bad idea tho, because it would allow a malicious attacker to

- Try random usernames, and if the website returns a hash they know that user exists
- Once they have the hash, and the hashing algorithm, it is much easier to brute-force the password, bypassing any safeguards on the server

Username/password validation should happen entirely server-side, with as little information as possible provided to the client
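
An added example, not part of the comment above: a server-side login check that never sends a hash to the client and answers identically for an unknown username and a wrong password. The `USERS` store, the `login` function, the sample account and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier; computed only on the server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample user store (stands in for a database).
USERS = {"alice": make_record("correct horse battery staple")}

# Throwaway record: unknown usernames get hashed against it so they cost
# the same work as known ones and cannot be told apart by response time.
_DUMMY = make_record(os.urandom(16).hex())

GENERIC_FAILURE = {"ok": False, "error": "Invalid username or password"}


def login(username: str, password: str) -> dict:
    """Validate entirely server-side; the reply carries no hash or salt."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, record["hash"])
    if matches and username in USERS:
        return {"ok": True}
    # Same body for "no such user" and "wrong password".
    return dict(GENERIC_FAILURE)


if __name__ == "__main__":
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "guess"))
    print(login("nobody", "guess"))
```

The per-account lockout or rate limiting that the comment calls "safeguards on the server" would sit in front of `login`; it only works because the comparison never leaves the server.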