Hacker News new | past | comments | ask | show | jobs | submit login

POST can be sniffed and is only slightly less vulnerable than GET. HTTPS at a dedicated address should be a minimum level of security for a login form. Anything else is readily vulnerable to sniffing or spoofing.



Properly implementing hashed passwords with challenge-response will protect your login, though your session information can still be sniffed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: