Send password over TCP connection

[Peter Hansen]

dcrespo wrote:
> Two copies of the password: one on the client, the other on the server.
[snip]
> I think it is a very good solution, Isn't it?

Ignoring all the other issues, any solution which actually requires the 
password to be stored on the server is a bad solution.  Administrators 
should not have access to user passwords, and in addition users should 
not be put in the position of having to trust your server-side security 
to keep their passwords (which they might have used on other systems) 
from being grabbed by hackers.

-Peter