dwoodard wrote:

Unless you are using SSL, you realize that this is not secure? A hacker wouldn't need to do anything but capture the hash and that would be as good as having the password itself.

well he said "pass hashed string" not encripted string Smiley it should be a diference. The first is not necesarly secure