Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Comment Completely wrong (Score 3, Interesting) 433

The "decret d'application" of the law (it's a law from 2004 but not applicable before this "decret") doesn't prohibit hashed password. It's a misinterpretation of the decret.
Actually, it states that IF you store the password in clear text for authentication, you have to keep the password in clear text in your logs during a year. But IF you store a hashed version of the password, you have to log the last hashed used. And if you don't store your users' password (logged via facebook or other centralized authentication) you don't have to.

The decret only specify what to keep in the logs IF the information is already known and stored. It doesn't specify WHAT to store. What to store is specified by a EU directive.


No man is an island if he's on at least one mailing list.