javascript - What is the best practice for sending password from frontend to API server? -


i implementing web application composed javascript front end (single page application if prefer), , rails backend.

the front end app make request through api server, want know best practice sending password on login or password reset.

should send clear password, or should send hash?

i think both of 2 solutions have drawbacks:

if hash password js, user have code in browser , can understand how secure password.

if keep clear, beh, clear , can intercepted.

as long you're using https password cannot intercepted. well.... won't intercepted. tactics have use in order capture password out of control. user have sure connected site.

i suggest reading this answer well.

he goes on take in order intercept https communication. responsibility make sure site serves on https , have valid certificate.


Comments

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

javascript - oscilloscope of speaker input stops rendering after a few seconds -