Hey everyone! I’m working on a project that needs password protection. I’m not sure if I should encrypt passwords on the client-side or server-side. Here’s my dilemma:
Client-side encryption:
function encryptPassword(password) {
    // Some client-side encryption logic
    return encryptedPassword;
}
Server-side encryption:
def encrypt_password(password):
    # Some server-side encryption logic
    return encrypted_password
If I use client-side encryption, couldn’t someone easily figure out the encryption method? But if I do it on the server, I’d have to send the plain password over the network, which seems risky too.
What’s the best way to handle this? Any advice on keeping user passwords safe? Thanks!
Server-side encryption is way better. Client encryption exposes your method, so use HTTPS to send info securely. On the server, hash passwords with bcrypt or Argon2 and add a proper salt. Stay safe out there!
Server-side encryption remains the preferred method for safeguarding passwords. Encrypting on the client may seem advantageous at first glance, but it exposes the encryption logic to potential attackers who can easily reverse-engineer the process. Instead, transmitting the password over a secure channel (using HTTPS) to the server ensures that the data remains protected in transit. Once received, the server should apply robust hashing algorithms such as bcrypt or Argon2 along with unique salts to store the passwords securely. Additional security measures like rate limiting and multifactor authentication further reinforce the overall security of the system.
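The server-side scheme the answer above describes (a unique random salt per password, a deliberately slow hash, and a constant-time comparison at login), written out as an added example that is not part of the original thread. It uses scrypt from Python's standard library rather than the bcrypt or Argon2 the answer recommends, purely so it runs with no third-party packages; the `scrypt$N$r$p$salt$hash` record format, the cost parameters and the `needs_rehash` policy check are my own assumptions, not a standard.

```python
import hashlib
import hmac
import secrets

# Assumed cost policy: about 16 MiB of memory (128 * N * r bytes) and a few
# tens of milliseconds per hash on commodity hardware. Tune for your servers;
# raising N/r/p later is safe because the record stores its own parameters.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SCRYPT_MAXMEM = 64 * 1024 * 1024  # upper bound handed to OpenSSL
SALT_BYTES = 16
KEY_BYTES = 32


def _scrypt(password: str, salt: bytes, n: int, r: int, p: int, dklen: int) -> bytes:
    return hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
        maxmem=SCRYPT_MAXMEM, dklen=dklen,
    )


def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt_hex$hash_hex.

    The salt is fresh per call, so two users with the same password get
    different records and a precomputed table cannot be reused across them.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = _scrypt(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_BYTES)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def _parse_record(record: str):
    """Split a stored record into (n, r, p, salt, digest); None if malformed."""
    try:
        algo, n, r, p, salt_hex, hash_hex = record.split("$")
        if algo != "scrypt":
            return None
        return int(n), int(r), int(p), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return None


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the record's own parameters and compare in constant time."""
    parsed = _parse_record(record)
    if parsed is None:
        return False
    n, r, p, salt, expected = parsed
    candidate = _scrypt(password, salt, n, r, p, len(expected))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when the stored record is weaker than the current cost policy.

    Call this after a successful login and re-store hash_password(password)
    if it returns True; that is the only moment the plaintext is available.
    """
    parsed = _parse_record(record)
    if parsed is None:
        return True
    n, r, p, _, digest = parsed
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P or len(digest) < KEY_BYTES


if __name__ == "__main__":
    # Constructed sample: what the registration and login handlers would do
    # after the password arrives over HTTPS.
    stored = hash_password("correct horse battery staple")
    print("stored record:", stored)
    print("good login:", verify_password("correct horse battery staple", stored))
    print("bad login:", verify_password("Correct horse battery staple", stored))
    print("needs rehash:", needs_rehash(stored))
```

If you do use Argon2, the `argon2-cffi` package exposes the same three operations as `PasswordHasher().hash()`, `.verify()` and `.check_needs_rehash()`, and its records carry their parameters the same way, so the handler logic above does not change. Whatever the algorithm, the record goes in the database; the plaintext only ever lives in memory for the duration of the request.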
Hmm, interesting question! Have you considered using both? Maybe do a light encryption on the client for extra protection, then send it over HTTPS and do the real heavy-duty hashing on the server? Just brainstorming here. What do you think about that approach? Could it add an extra layer of security?