Handling authentication for a web app
Question
Sending username and password as plaintext, but trough HTTPS; then on server hash(salt+password) and compare that with the hash in the DB. (salt is per-user)
Doin' it right? :)
Cheers
PS: I'm using Ruby/Sinatra, gonna serve via lighttpd, I think.
1 answers
solution1
0 2010-03-10 15:15:52
It really depends on your threat modeling. HTTPS is prone to man-in-the-middle attacks, so if Phishing is expected to be a threat - you better improve your authentication protocol.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How are people handling user authentication for web services?
Sharepoint Authentication for Access by a Web App
Integrating authentication between a web app and desktop app
Password and passhash handling practices java web app
simple authentication model for iOS app and web server
Web App Authentication for REST API Backend
Is it necessary to use forms authentication in a web app?
Any library for authentication in a java web-app?
Web app authentication and securing a separate web API (elasticsearch and kibana)
Handling login functionality for native app connecting to web service
Related Tags