in reply to Re: Cookie login (pseudocode)
in thread Cookie login (pseudocode)

Re: storing passwords in cleartext

In the past, I've used JavaScript to hash the password client-side, and compare it to the hashed passwords stored in the database.

The hashed password is still sent in the clear (and someone eavesdropping can still use it to log in), but no cleartext passwords are revealed to the eavesdropper or someone who has gained entry to the db.

While it doesn't do much for the security of your application, it will prevent an attacker from trying a password on another system (e.g. to access your e-mail or banking information).
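
The scheme described in this post, as an added example (not code from the post or the thread), next to a variant in which the server stores a salted scrypt digest of the client-side hash rather than the hash itself. SHA-256, scrypt, the function names, the record layout and the sample password are all assumptions.

```javascript
const crypto = require("node:crypto");

// Value the browser script sends in place of the cleartext password.
// SHA-256 is an assumption; the post does not name a hash function.
function clientHash(password) {
  return crypto.createHash("sha256").update(password, "utf8").digest("hex");
}

// Scheme as described: the database holds exactly what the client sends.
function naiveRegister(password) {
  return { stored: clientHash(password) };
}
function naiveLogin(record, submitted) {
  const a = Buffer.from(record.stored, "hex");
  const b = Buffer.from(submitted, "hex");
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Variant: the server treats the client hash as the password and keeps
// only a salted scrypt digest of it.
function hardenedRegister(password) {
  const salt = crypto.randomBytes(16);
  const digest = crypto.scryptSync(clientHash(password), salt, 32);
  return { salt: salt.toString("hex"), stored: digest.toString("hex") };
}
function hardenedLogin(record, submitted) {
  const salt = Buffer.from(record.salt, "hex");
  const digest = crypto.scryptSync(String(submitted), salt, 32);
  return crypto.timingSafeEqual(digest, Buffer.from(record.stored, "hex"));
}

// Checks whether a value read from the database row works as a login value.
function demo() {
  const password = "correct horse battery staple"; // constructed sample
  const sent = clientHash(password);
  const naive = naiveRegister(password);
  const hardened = hardenedRegister(password);
  return {
    legitNaive: naiveLogin(naive, sent),
    legitHardened: hardenedLogin(hardened, sent),
    dbValueNaive: naiveLogin(naive, naive.stored),
    dbValueHardened: hardenedLogin(hardened, hardened.stored),
  };
}

console.log(demo());
```

In both variants the value on the wire is what the server accepts, so neither one removes the need for an encrypted transport.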