Where is the password hash generated during authorization

P

PragmaticProgrammer2016-01-27 13:04:45

User identification

PragmaticProgrammer, 2016-01-27 13:04:45

Where is the password hash generated during authorization - on the client or server side?

Quite a lamer question on the topic of the authorization mechanism.
How does the password get to the server? In open form or already in the form of a hash? If in open form, how is the password protected from interception by sniffers? With the help of https or are there any other security mechanisms?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

F

fedot1325, 2016-01-27
@PragmaticProgrammer

The password to the server comes mostly in clear text, you can, of course, overtake it on the client into some kind of sha512, but there is not much sense in this, it will hide the password in clear text from the interceptor, but it will not save you from gaining access. Https is the only and best way to protect against interception.

V

vaut, 2016-01-27
@vaut

The hash is usually obtained on the server side.
I haven't heard anything other than https.

A

Alexander, 2016-01-27
@Tuborg

On the server side, give yourself a free ssl certificate from the Chinese