Reputation: 659
I am developing a Yii2 website that also has a connected mobile app. I would like to know the recommended way, on the client side for both the mobile app and the web page, to send the password during authentication. Obviously sending clear text is not a recommended way, so I would like to know what the standard ways of doing it are.
In the login form, when the user logs in with a plain password, do we encrypt and send it? If so, what is the encryption standard that we should use?
On mobile (iOS and Android), what encryption standards should they use in the REST API? (I'm using the Yii2 REST API framework.)
Upvotes: 0
Views: 513
Reputation: 3004
You can use HTTP Basic Authentication, OAuth or a query parameter:
https://github.com/yiisoft/yii2/blob/master/docs/guide/rest-authentication.md
Upvotes: 0
Reputation: 1918
You should POST to an HTTPS URL.
The web browser and the mobile client should then do the magic for you.
PS: After successful authentication you should use something like a random/known authToken, instead of sending the password with every request.
Upvotes: 1
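The server side of the flow described in the last answer (password sent once in a POST body over HTTPS, then a random token on later requests), as an added example that is not part of the original posts and is not Yii2's own code. It is plain PHP; the function names and in-memory arrays are assumptions standing in for the application's database, and TLS is handled by the web server, not shown here.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in a real application these live in the database.
$users  = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$tokens = []; // sha256(token) => ['user' => string, 'expires' => int]

// Hypothetical helper: check the password received in the HTTPS POST body
// and return a fresh random token, or null when the login fails.
function login(array $users, array &$tokens, string $user, string $password, int $ttl = 3600): ?string
{
    // Unknown users are checked against a dummy hash so both paths pay the hashing cost.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$user] ?? $dummy);
    if (!$ok || !isset($users[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only a hash of the token, so a leaked token table is not directly usable.
    $tokens[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + $ttl];
    return $token;
}

// Hypothetical helper: resolve a token taken from an "Authorization: Bearer <token>" header.
function authenticate(array &$tokens, string $token): ?string
{
    $key = hash('sha256', $token);
    $row = $tokens[$key] ?? null;
    if ($row === null) {
        return null;
    }
    if ($row['expires'] < time()) {
        unset($tokens[$key]); // expired: drop it and force a new login
        return null;
    }
    return $row['user'];
}

$token = login($users, $tokens, 'alice', 'correct horse');
var_dump(authenticate($tokens, $token));            // valid token resolves to the user
var_dump(login($users, $tokens, 'alice', 'wrong')); // wrong password yields no token
var_dump(authenticate($tokens, 'not-a-token'));     // unknown token is rejected
```

The password never needs client-side encryption here: it is protected in transit by HTTPS and is only compared against the stored `password_hash()` value on the server.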