CODEWITHSUNDEEP
javascriptajaxhttps
su3158
su3158

Reputation: 613

How to encrypt in javascript

I want to use the same domain site for login authentication in the system I'm currently creating.

I was able to confirm that the login information is correct using Ajax, and I'm using HTTPS communication. But no matter how much I use HTTPS, I don't want to send my password in plain text. I want to send it encrypted so that it can be compounded with .

The system that verifies your login information is .NET, so you have to be able to compound there.

I also don't know if it's common to encrypt passwords even when using HTTPS communication.

login.js

var app = new Vue({
    el: "#app",  
    data: {      
        url: "https://********",
        user: "",
        password: ""
    },
    methods: {
        login: function () { 

            //I want to encrypt it here.

            axios.post(this.url, {
                user: this.user,
                password: this.password
            })
                .then(function (response) {
                    // alert('OK');
                    // alert(response);
                    console.log(response);
                })
                .catch(function (error) {
                    alert('NO');
                    // alert(error);
                });
        }
    }
})

Upvotes: 1

Views: 165

Answers (2)

machineghost
machineghost

Reputation: 35790

Elias's answer is the correct one here (I upvoted it). But just for anyone else who might find this question later based on its title, Javascript can do secure encryption.

If you're looking for that, I'd recommend the npm package "bcrypt", as it's sort of an industry standard for doing encryption in JS (eg. it's what you would use if you're following Elias's advice on an Express server, and want to hash your passwords).

Upvotes: 3

Elias Soares
Elias Soares

Reputation: 10254

There's no advantage in sending your password encrypted if you are already using HTTPS, the data will be well encrypted already. You will just add more overhead.

You might focus your concerns on how the server side handles the receives data:

  1. Does it store plain-text passwords anywhere? If yes, stop doing that. You should store hashed passwords (hashed, not encrypted) instead.
  2. Is possible that some error make the password visible in error logs? If yes, fix it.
  3. Is you server safe enough? Attackers will probably use server vulnerability to grab your data instead of trying to intercept and decrypt an HTTPS connection.
  4. Is your HTTPS setup correctly? (Use https://www.ssllabs.com/ssltest/ until you get A grade ssl)

Upvotes: 5

Related Questions