I understand that using the md5hash() function, the password is hashed and added to a hidden field in the login form before being submitted. But all data is sent in plain text over http anyway. What additional security does this extra field provide ?
I'm contemplating removing this file (not from the server, but just not making use of it).
What do you think ?
I'm contemplating removing this file (not from the server, but just not making use of it).
What do you think ?
Comment