Android
StynuBlizz, 2017-01-24 03:18:52

Would such a password scheme be correct?

Please let me know if this is the correct way to do this:

  • the data entered by the user (the password is not encrypted, transmitted as is) is sent via HTTPS to the server
  • upon arrival at the server, the data is stored in the database (the password is hashed before being entered into the database)

And the scheme of work when entering the account:
  • unencrypted data is also transmitted over HTTPS
  • upon arrival at the server, they are checked for validity with those that are in the database
    • if they are not valid, then a signal is sent to the user that the data entered is incorrect
    • if they are valid, then here I have a second question: what to do next?


PS The client is an Android application
PPS Don't forget about the first question "is this scheme correct?"


1 answer(s)
alex maslakoff, 2017-01-24
@teke_teke

Correct.
You also need another salt for "the password is hashed before being entered into the database."
"if they are valid, then here I have a second question: what to do next?" -- log the user in.
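
The server side of the scheme discussed in this thread, as an added example that is not code from either poster: the password arrives over HTTPS, is stored only as a per-user salted hash, and a successful check logs the user in by issuing a random session token. The function names, the PBKDF2 parameters, the in-memory dictionaries standing in for database tables, and the session-token step are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
USERS = {}     # hypothetical stand-in for the users table: name -> (salt, hash)
SESSIONS = {}  # hypothetical stand-in for the sessions table: token -> name
DUMMY_SALT = secrets.token_bytes(16)  # used when the username does not exist


def hash_password(password, salt):
    """Derive the stored value from the password and that user's salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username, password):
    """Store a fresh random salt and the salted hash, never the password."""
    if username in USERS:
        return False
    salt = secrets.token_bytes(16)  # unique per user, kept next to the hash
    USERS[username] = (salt, hash_password(password, salt))
    return True


def login(username, password):
    """Return a new session token if the credentials are valid, else None."""
    salt, stored = USERS.get(username, (DUMMY_SALT, b""))
    # Hash even for unknown users so both failure cases cost the same work.
    candidate = hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored):
        return None  # one generic failure for bad password and unknown user
    token = secrets.token_urlsafe(32)  # unguessable; the client sends this later
    SESSIONS[token] = username
    return token


def whoami(token):
    """Resolve a session token from a later request to the logged-in user."""
    return SESSIONS.get(token)
```

The Android client would keep the returned token and send it with each later HTTPS request instead of resending the password.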
