What is the best practice, from frontend to backend, for encrypting the password received from the frontend during the registration process? For example, should I encrypt and send on the frontend and then re-encrypt on the backend? I would appreciate it if you could give a Node.js-specific answer.
CodePudding user response:
You don't need to front-end the hash because SSL does that for you. Best practice is to use SSL; that's the whole point of it.
HTTPS uses the SSL/TLS protocol to encrypt communications so that attackers can't steal data. SSL/TLS also confirms that a website server is who it says it is, preventing impersonations. This stops multiple kinds of cyber attacks.
If you need more detail, follow the link.
CodePudding user response:
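const bcrypt = require('bcrypt');
const SimpleCrypto = require('simple-crypto-js').default;
const _secretKey = "YOURKEYHERE"; // secret key used to construct SimpleCrypto (placeholder value)
const simpleCrypto = new SimpleCrypto(_secretKey); // not used by the hashing function below
const saltRounds = 12; // bcrypt cost factor
// Return the bcrypt hash string for a plaintext password
exports.createHashPwd = function (password) {
  return bcrypt.hashSync(password, saltRounds);
};
// create hashpassword string (in the caller, where the module above is imported as passwordService;
// hashSync is synchronous, so no await is needed)
const hashPassword = passwordService.createHashPwd(plainTextPd);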
You can learn more about it here: https://www.npmjs.com/package/simple-crypto-js