I was creating my own website with a server and a database, that should store usernames and passwords. And I had a few problems understanding where should security measures be put and how exactly they work.
As far as I am aware, it is very important to encode (the best way using a hash function) the passwords in the database, so that no one would be able to access them by hacking my server or accessing it from inside. And as I understand having a good hash functions means that it is almost impossible to get the password (only it’s hashed version) and you cannot fain access just using the hashed version, right?
However I was not able to find any information about the possibility of a criminal intercepting the data sent from user to server, containing the password itself (because as i understand, it’s only hashed and saved on the server side). Shouldn’t any security measures (like encryption or something) be done while exchanging information between user and server?
Aucun commentaire:
Enregistrer un commentaire