2

!Rant
If I'm validating a user input form, should I use a hash or an encrypted string? I hope to include the user IP, header requested time plus a random number for the string.

Comments
  • 3
    Wat.
    Https for the transmission. User password should have a salt added and then be hashed with a strong algorithm like bcrypt.
  • 1
    I'm with kimmax in that a: wat, b: https for all secure transactions.
  • 2
    Yeah, if you're using https it's kinda overkill to hash data before transmission; banking sites that I've used don't even do that.

    If you're sending sensitive data without https, stop.