I don't want to transfer plain hash of password(because it can be easily used to authenticate later). Is spring have build in features to provide random salt for http client, and apply salt to hash of password(or some other combinations to pass to the server random password hash every time)?
Asked
Active
Viewed 220 times
0
-
Sorry, but this doesn't make any sense at all. It sounds like you are completely misunderstanding what password hashing and salting is used for. Sending hashed passwords from a client doesn't offer any additional security. Have a look at the second part of [this answer](http://stackoverflow.com/a/8488832/241990), for example. I'd also recommend you do some basic research on password hashing and authentication. It's widely covered on SO and elsewhere. – Shaun the Sheep Sep 03 '13 at 12:19
-
take look at HTTP digest authentication, and you will see sense in my question. I want to transfer "unique" password every time, to prevent using pwd hash to login more than one time. Every time, when server need to check password, it will check new hash. – e_chekan Sep 04 '13 at 20:36