How to securely send / store password in Spring RESTful login service

In the login service, the user sends JSON as a payload to the Spring RESTful login service, as shown below:

{
 "username": "john",
 "password": "doe"
}

Once the RESTful Spring service accepts the call, it compares the password with the one stored in the database in plain text.

I see two problems in the current implementation.

  • The password is sent via HTTP as a POST payload in plain text.
  • The correct password stored in the database is in plain text.

For problem 2, I decided to use bcrypt to encrypt the password stored in the database, as indicated in this post. Is this a good way?

1 , . - ? !

Edit:

, , HTTPS. POST.

2 ( ) , ?

1, ?

+4
2
  • HTTPS.
  • , POST.
  • - .
  • , db .

. . . , - , .

.

+4

, . , , xenteros :

  • HTTPS.
  • , POST.
  • - .
  • , db .

. . . , - , .

HTTP, HTTPS, javascript. javascript. - . .

MD5 JavaScript

xenteros

0
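
The bcrypt storage the question proposes for problem 2, as an added example that is not part of the original posts: the password is hashed at registration and checked with matches() at login, never compared as plain text. It assumes Spring Security's crypto module is on the classpath; the class name, the in-memory map standing in for the database, and the work factor of 12 are hypothetical choices.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: hypothetical class and method names; a map stands in for the database table.
public class LoginExample {
    // Work factor 12 is an assumption; tune it to the hardware the service runs on.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder(12);
    private final Map<String, String> userTable = new ConcurrentHashMap<>(); // username -> bcrypt hash
    // Hash of a throwaway value, checked for unknown users so both paths do one bcrypt run.
    private final String dummyHash = encoder.encode("constructed-placeholder");

    public void register(String username, String rawPassword) {
        // encode() picks a random salt and embeds it, with the cost, in the returned string.
        userTable.put(username, encoder.encode(rawPassword));
    }

    public boolean login(String username, String rawPassword) {
        String stored = userTable.get(username);
        if (stored == null) {
            encoder.matches(rawPassword, dummyHash); // result ignored on purpose
            return false;
        }
        // matches() re-derives the hash using the salt carried inside 'stored'.
        return encoder.matches(rawPassword, stored);
    }

    public static void main(String[] args) {
        LoginExample svc = new LoginExample();
        svc.register("john", "doe"); // constructed sample, taken from the question's payload
        System.out.println("correct password: " + svc.login("john", "doe"));
        System.out.println("wrong password:   " + svc.login("john", "d0e"));
        System.out.println("unknown user:     " + svc.login("jane", "doe"));
        // Two encodings of one password differ (different salts), so a stored hash
        // cannot be checked by hashing again and calling equals(); use matches().
        String a = svc.encoder.encode("doe");
        String b = svc.encoder.encode("doe");
        System.out.println("hashes equal:     " + a.equals(b));
    }
}
```

This covers storage only; the password still crosses the network in the request body, which is problem 1 in the question.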

Source: https://habr.com/ru/post/1663717/

