Background
Break News
How to add local font to Tailwind Css and NextJS? - Tutorial Design Pattern? - Blockchain Technology, How to create own Bitcoin virtual currency - Zustand mordern management state - Design Pattern - Flyweight Pattern? - Docker Full training Topic

[Knowledge] Securely hash passwords on server side for better protection and flexibility

Sunday 20 August 2023
|
Read: Completed in minutes

[Knowledge] Securely hash passwords on server side for better protection and flexibility

When it comes to handling user passwords in a login system, it is generally recommended to hash the passwords on the server side rather than on the client side. Here's why:


1. Protecting password during transmission: When hashing passwords on the client side, the hashed password would need to be transmitted from the client to the server. This introduces a potential security risk if the transmission is intercepted or compromised. On the other hand, transmitting the plain text password over a secure connection (e.g., HTTPS) from the client to the server allows the server to handle the hashing process securely.

 

Securely hash passwords on server side for better protection & flexibility

 

2. Secure hashing algorithms: Hashing algorithms are designed to be computationally expensive, making it difficult for an attacker to reverse-engineer the original password from the hash. Server-side hashing allows you to use industry-standard, well-tested hashing algorithms, such as bcrypt or Argon2, which have built-in security features like salting and work factor/tuning parameters. These algorithms are specifically designed for password hashing and are more secure than client-side hashing implementations.


3. Protecting against client-side attacks: Client-side hashing relies on the client's environment and code integrity. If an attacker can compromise the client-side code or manipulate the JavaScript, they could potentially manipulate or bypass the hashing process altogether. Server-side hashing ensures that the hashing process is controlled and secured on the server, reducing the risk of client-side attacks.


4. Flexibility for future changes: Storing hashed passwords on the server allows you to easily upgrade your hashing algorithm or adjust the work factor as needed in the future. If you were to hash passwords on the client side, changing the hashing algorithm or work factor would require all clients to be updated, which can be a challenging and time-consuming process.


In summary, it is generally recommended to pass the plain text password securely from the client to the server and perform the password hashing on the server side using a secure and well-tested hashing algorithm. This approach provides better protection for password storage and reduces the risk of various types of attacks.
 

Thank you for reading this post. I hope you found it helpful and easy to follow. If you have any feedback or questions about Securely hash passwords on server side for better protection and flexibility , please share them in the comments below. I would love to hear from you and discuss this topic further
✋✋✋✋  Webzone Tech Tips Zidane, all things tech tips web development  - I am Zidane, See you next time soon ✋✋✋✋

πŸ™‡πŸΌπŸ™‡πŸΌ We Appreciate Your Comments and Suggestions - Webzone, all things Tech Tips web development
Popular Webzone Tech Tips topic maybe you will be like it - by Webzone Tech Tips - Zidane
As a student, I found Blogspot very useful when I joined in 2014. I have been a developer for years . To give back and share what I learned, I started Webzone, a blog with tech tips. You can also search for tech tips zidane on Google and find my helpful posts. Love you all,

I am glad you visited my blog. I hope you find it useful for learning tech tips and webzone tricks. If you have any technical issues, feel free to browse my posts and see if they can help you solve them. You can also leave a comment or contact me if you need more assistance. Here is my blog address: https://learn-tech-tips.blogspot.com.

My blog where I share my passion for web development, webzone design, and tech tips. You will find tutorials on how to build websites from scratch, using hot trends frameworks like nestjs, nextjs, cakephp, devops, docker, and more. You will also learn how to fix common bugs on development, like a mini stackoverflow. Plus, you will discover how to easily learn programming languages such as PHP (CAKEPHP, LARAVEL), C#, C++, Web(HTML, CSS, javascript), and other useful things like Office (Excel, Photoshop). I hope you enjoy my blog and find it helpful for your projects. :)

Thanks and Best Regards!
Follow me on Tiktok @learntechtips and send me a direct message. I will be happy to chat with you.
Webzone - Zidane (huuvi168@gmail.com)
I'm developer, I like code, I like to learn new technology and want to be friend with people for learn each other
I'm a developer who loves coding, learning new technologies, and making friends with people who share the same passion. I have been a full stack developer since 2015, with more than years of experience in web development.
Copyright @2022(November) Version 1.0.0 - By Webzone, all things Tech Tips for Web Development Zidane
https://learn-tech-tips.blogspot.com