Removing /clientscript/vbulletin_md5.js

Shadab

Senior Member

Join Date: Nov 2007

Posts: 143
- Share
- Tweet
#1

Removing /clientscript/vbulletin_md5.js

Tue 4 Aug '09, 11:00am

I understand that using the md5hash() function, the password is hashed and added to a hidden field in the login form before being submitted. But all data is sent in plain text over http anyway. What additional security does this extra field provide ?

I'm contemplating removing this file (not from the server, but just not making use of it).
What do you think ?

The joy of an early release lasts but a short time. The bitterness of an unusable system lasts for years.
GeekPoint Forum | Articles & Reference
Tags: None
Jake Bunce

Senior Member

Join Date: Dec 2000

Posts: 46599
- Share
- Tweet
#2

Tue 4 Aug '09, 11:20am

The submitted password is hashed with javascript before being sent over http.
Comment

vBulletin 3 End of Life