Security: Sending a password / username over HTTPS

352420 pts.
Tags:
HTTPS
Password
SSL
Inside of my friend's website, when a user logs in, they send their username / password to him over HTTPS. Besides having a SSL, there isn't a special obfuscation of the password (it's living in memory in the browser).

Is there anything else he should do to tighten security? Should he keep it hashed? What about in RAM?

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    What does "living in memory in the browser" have to do with any actions done by your friend's site? There's nothing the site can do about that. The browser is in charge of the memory it uses. The remote site has no knowledge of it. Technically, it can't even know if it's communicating with a browser. -- Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following