Comment by thih9
6 months ago
It can be done server side too, the old password can be sent along the new one and the server can verify it.
6 months ago
It can be done server side too, the old password can be sent along the new one and the server can verify it.
Yes, what I meant to say that it doesn't even have to be done server-side, so the fact it happens doesn't imply the server ever sees the old password beyond it's initial setting.