Hi,
No, hash value of the password is created on the server after client send it
as a plaintext. The reason why are passwords stored as a hashes is to
prevent it's misuse when the database is hacked, not to transmit them
securely. So yes, form manipulation would be successfull.
Btw. I don't think that login controls would use MD5 - it's unsecure,
deprecated alghorithm.
"jens Jensen" <je**@jensen.dk> pí¹e v diskusním pøíspìvku
news:e7**************@TK2MSFTNGP15.phx.gbl...
Hello,
When my users logs in to my site, an MD5 hashed value of the password is
sent to the server, and there the value is validated against a database.
What if someone catchs my hash value and also send it to my server. Will
that form manipulation succeed?
Many thansk in advance
JJ