Announcement

Collapse
No announcement yet.

Removing /clientscript/vbulletin_md5.js

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Removing /clientscript/vbulletin_md5.js

    I understand that using the md5hash() function, the password is hashed and added to a hidden field in the login form before being submitted. But all data is sent in plain text over http anyway. What additional security does this extra field provide ?

    I'm contemplating removing this file (not from the server, but just not making use of it).
    What do you think ?
    The joy of an early release lasts but a short time. The bitterness of an unusable system lasts for years.
    GeekPoint Forum | Articles & Reference

  • #2
    The submitted password is hashed with javascript before being sent over http.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X