Encoding passwords md5 / hash ... problem with client
Kristjan O. 40 posts - Slovenia - Joined Sep 18 2012
I need your advice.
I have a client for which I developed a website. At that point we didn't talk anything about security, only that the site requires user registration/login. All user inputs are sanitized properly but now the client did some reading on the web and decided that md5 encoded passwords aren't strong enough and want me to change it into hashed passwords.
What's your opinion on this, should I make the upgrade on my own time and for free or should I charge for it? The client said that she expected the site to be safe and can't agree with the payment.
what would you do?
Score: 0.0, Votes: 0