10 pts ยท March 6, 2017
What a cham-pion!
Yea, just don't do that anywhere near any sensitive data.
5678
Now you're using unique salts which makes it harder... an attacker still can focus on one specific account - it's not that long.
Not outdated per se, just easy to crack by today's standards.
There is no encryption there?
Please at least use bCrypt.
Rest in peace.
Can I have one?
456
Bro
Neato
10
Interesting
Yes, there are some .htaccess directives for that. (Authtype, AuthName, AuthUserFile and probably others I forgot about)
https://stripe.ian.sh
OP means specifically a green bar with a Subject name, but even that can be faked with enough means.
understand and pop a password input. But the password can be omitted in the URI. 2/2
Yes. If the server doesn't accept it, it can return a 401 Unauthorized with a coherent WWW-Authenticate header, which your browser will 1/2
.
What a cham-pion!
Yea, just don't do that anywhere near any sensitive data.
5678
Now you're using unique salts which makes it harder... an attacker still can focus on one specific account - it's not that long.
Not outdated per se, just easy to crack by today's standards.
There is no encryption there?
Please at least use bCrypt.
Rest in peace.
Can I have one?
456
Bro
Neato
10
Interesting
Interesting
Yes, there are some .htaccess directives for that. (Authtype, AuthName, AuthUserFile and probably others I forgot about)
https://stripe.ian.sh
OP means specifically a green bar with a Subject name, but even that can be faked with enough means.
understand and pop a password input. But the password can be omitted in the URI. 2/2
Yes. If the server doesn't accept it, it can return a 401 Unauthorized with a coherent WWW-Authenticate header, which your browser will 1/2
.