i want to hash a users password and store the hashed value on a database. i want to know where to perform the conversion to hashed value? should it be in jscript on the page, or in c# code on the server? if its done in c# code on the server, the raw password is sent to the server first, and i imagine this is not as secure as doing it on the machine and then saving the hashed password. what have you implemented in relation to this?
hashing of password. where to perform this
- Thread starter fguihen
- Start date
PlausiblyDamp
Administrator
You are probably best doing the hashing on the server and storing the result in the database.
If you are requesting confidential information in a page you should be using https for the connection anyway, therefore you are not sending the password plaintext as the connection itself is encrypted.
If you are requesting confidential information in a page you should be using https for the connection anyway, therefore you are not sending the password plaintext as the connection itself is encrypted.