Jun-28-2020, 05:14 AM
(May-17-2020, 11:07 PM)Pedroski55 Wrote: As I understand it, when a user logs in, his or her password is not sent in that form, but scrambled and sent. Not sure if this is correct.
Hashing (and salting!) of the password is usually done on the server.
If you want to understand some of the concepts, OWASP has a cheat sheet here.