How to hide environment variable angular 2

Question

Following that question

Hello,

How can I hide the salt of an password encryption (used when the user is login/registering) stored as environment variable in my Angular2 project ?

Thanks for helping

Answer 1

This logic is not logic you would want to operate within the Front-End Angular application, this should be dealt with server side. I dont believe there is a common pattern to follow for scenario's where salting would be done within the application.

When a request is made if you send the password in an API request, this shouldnt be too much of a problem as the only person that should have access to viewing the requests sent via HTTP is the person using the computer. If they allow other people to access there computer / browser terminal, this is at the discretion of the user.

When the password then reaches its API it should be salted there before insertion into a DB or however back-end would like to handle this.

You could base64 the password before you send it so it isnt plain text in the body of the request being sent. Just be sure to undo this when it has reached the API.

To Ensure the password that is travelling to the server is not intercepted you should ensure the use of HTTPS (SSL) connection, this will improve the security and lower the likely hood of interception.

I would recommend more research, beyond my answer.

This is worth reading, including similar answers, questions and comments.