Answer the question
In order to leave comments, you need to log in
S
S
StynuBlizz2017-01-24 03:18:52
StynuBlizz, 2017-01-24 03:18:52
Would such a password scheme be correct?
Please let me know if this is the correct way to do this :
- the data entered by the user (the password is not encrypted, transmitted as is) is sent via HTTPS to the server
- upon arrival at the server, the data is stored in the database (the password is hashed before being entered into the database)
And the scheme of work when entering the account:
- unencrypted data is also transmitted over HTTPS
- upon arrival at the server, they are checked for validity with those that are in the database
- if they are not valid, then a signal is sent to the user that the data entered is incorrect
- if they are valid, then here I have a second question: what to do next?
- if they are not valid, then a signal is sent to the user that the data entered is incorrect
PS The client is an Android application
PPS Don't forget about the first question "is this scheme correct?"
1 answer(s)
@teke_teke
A
alex maslakoff, 2017-01-24 @teke_teke
Correctly.
You also need another salt for "the password is hashed before being entered into the database."
"if they are valid, then here I have a second question: what to do next?" -- log in user.
Similar questions
X
M
H
V
H
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question