Reputation: 189
I'm building a system requiring a password. My question is, should I encrypt it frontend or backend? If I do it frontend (with JavaScript probably), then everyone could crack the encryption = big security issue. But if I do it backend, then the plain password has to be sent somehow, which will also create a security hole. So my question is: how should I do this properly?
Upvotes: 5
Views: 6548
Reputation: 15091
You should never try to create your own security protocols or throw around your own crypto. It is recommended to use the best standards available. To achieve what you're trying to do, I'd use a standard HTTPS/SSL protocol. And yes, as 'damphat' mentions, salting passwords is crucial, along with the latest hash functions.
Upvotes: 7
Reputation: 732
Your encryption should be on the server. As long as you are sending the plain text password over HTTPS, the password is safe from everyone except the NSA :)
Upvotes: 2