I read lots of info about login security, and most with Ajax. Mainly I was thinking to pass via javascript the password and username in plain text, and in php hash it. This way: JS plain text > php hash > database
What about hash twice during Ajax ? Do you think it's good? Like this: JS hash > php hash > database
So I don't care about hackers during Ajax request and of course another hash on the server will make it more secure and it's one of the best hashing method I found. Using JS hashing I will never recive the real password on the server, but, I don't need the real password, just an hash to compare the passwords hashed.
Better with JS hashing or I can go with just php hash?
