I am working on a Test-Page which has a working login functionality. On the server side every password is encrypted. I am wondering if the password the user enters should be encrypted before it gets send to the server backend or is this not necessary as the Test-Page uses HTTPS.
As you can see in the screenshot, username/ email and password gets sent to the server as Route Request Payload, both the email and the password are perfectly readable in the inspector tools. Screenshot: Network request
If an encryption is necessary even though https is used, how would the decryption of the password that the server gets would work? (No code needed just the explanation of the concept would be great then)
Thank you for your answers. :)
Aucun commentaire:
Enregistrer un commentaire