Currently, when we change our password, the password sent to the client is not encrypted.
When we log in, the password is processed with sha256. But if a hacker hijacks the result, he can still do things with the correct ajax method.
So besides https, how can we get the best effect of encryption between client and server?
I think the messages sent between client and server should be hard to deal with.
And we should find a way to send password/encryption-related messages so that they cannot be fully seen by a hacker.
Scripting command: Data manipulation may be useful, as there are some mathematical things.
Additionally, {.get account||password.} can get original password, {.sha256|A.} can make it undiscoverable, {.time|yyyymmddhhMMss.} can get a timestamp...
Can anyone share a few suggestions?
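
The replay problem raised in the post, as an added example that is not part of the original post and is not HFS code: a fixed sha256(password) is accepted again when replayed, while an HMAC over a one-time server nonce is not. The function names, the sample account and the 30-second window are assumptions made for illustration.

```javascript
// Added example, not HFS code: every name below is hypothetical.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// Constructed sample account. The server keeps sha256(password) as the shared
// verifier; it is password-equivalent and must be protected like a password.
const stored = { alice: sha256('correct horse') };

// Scheme from the post: the client sends sha256(password), which never changes.
function staticLogin(user, sentHash) {
  return stored[user] === sentHash;
}

// Challenge-response: the server issues a random nonce that is valid once, briefly.
const pending = new Map(); // nonce -> { user, expires }
function issueChallenge(user, now) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, { user, expires: now + 30000 });
  return nonce;
}
function clientResponse(password, nonce) {
  return hmac(sha256(password), nonce);
}
function verifyResponse(user, nonce, response, now) {
  const c = pending.get(nonce);
  pending.delete(nonce); // single use, whether or not the response verifies
  if (!c || c.user !== user || now > c.expires) return false;
  const expected = Buffer.from(hmac(stored[user], nonce), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

function demo() {
  const t0 = 1700000000000; // constructed clock value (ms)
  const captured = sha256('correct horse'); // the value seen on the wire
  const staticReplay = staticLogin('alice', captured); // same value works again
  const nonce = issueChallenge('alice', t0);
  const resp = clientResponse('correct horse', nonce);
  const first = verifyResponse('alice', nonce, resp, t0 + 1000);
  const replay = verifyResponse('alice', nonce, resp, t0 + 2000); // nonce consumed
  const late = issueChallenge('alice', t0);
  const expired = verifyResponse('alice', late, clientResponse('correct horse', late), t0 + 60000);
  return { staticReplay, first, replay, expired };
}
```

This only stops reuse of a captured login value; a password change still sends new secret material and a session cookie can still be stolen, so it complements https rather than replacing it.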