A
Anonymous
Guest
Well, if you're using authentication it should be over SSL.
But, in the case that you can't use SSL, then passing user information over cleartext is all you can do.
This can be accessible from anyone on a wireless connection, anyone on the ISP from and to the source and destination.
However, putting passwords in the DB will prevent that cracker from getting that users passwords and using them on other sites where they might be using the same password.
It's about ethics more than just security.
-B
But, in the case that you can't use SSL, then passing user information over cleartext is all you can do.
This can be accessible from anyone on a wireless connection, anyone on the ISP from and to the source and destination.
However, putting passwords in the DB will prevent that cracker from getting that users passwords and using them on other sites where they might be using the same password.
It's about ethics more than just security.
-B