admin posted on 2022-4-15 17:06:33

For password authentication, if the web application sends the account name an...

For password authentication, if the web application sends the account name and password directly to the server backend, it is possible for a careless backend developer to log the password in plaintext. Discuss a possible alternative.

For password authentication, if we hash the password and username on the client side, then it will be storing the full plain-text password and username in the database. It can also be a possible alternative to bad practices for storing passwords. Hashing on the client side can be useful if we don't trust the server and can't rely on their technique to store passwords securely. These passwords and account names can be hacked by hackers, and they can profit from those credentials. A data breach will degrade the organisation's reputation, and they will never be able to build trust again. So passwords should be hashed in the server backend, and experienced backend developers should be hired for this job who would never make these mistakes at this level. They must know how valuable passwords are. They must treat this data as sacred and handle it carefully. Their service should instead store a cryptographically strong hash of the password that cannot be reversed under any circumstances.
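An added example, not part of the original post: a server-side handler that redacts credential fields before anything is logged and stores only a salted scrypt hash. The field names, the in-memory `USERS` store and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import os

log = logging.getLogger("auth")

# Assumed names of form fields that must never reach a log line.
SENSITIVE_KEYS = {"password", "passwd", "new_password"}

USERS = {}  # in-memory stand-in for the credentials table (assumption)


def redact(form):
    """Return a copy of the request form that is safe to log."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else v
            for k, v in form.items()}


def hash_password(password, salt=b""):
    """Salted, deliberately slow hash; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, salt_hex, _ = stored.split("$")
    if scheme != "scrypt":
        return False
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def register(form):
    log.info("register request: %s", redact(form))  # log the redacted copy only
    USERS[form["username"]] = hash_password(form["password"])


def login(form):
    log.info("login request: %s", redact(form))
    stored = USERS.get(form["username"])
    return stored is not None and verify_password(form["password"], stored)
```

Logging only the output of `redact()` means a stray `log.info(form)` is the single pattern to look for in code review.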