Background
Break News
How to add local font to Tailwind Css and NextJS? - Tutorial Design Pattern? - Blockchain Technology, How to create own Bitcoin virtual currency - Zustand mordern management state - Design Pattern - Flyweight Pattern? - Docker Full training Topic

[Knowledge] Securely hash passwords on server side for better protection and flexibility

Knowledge
Tips
Sunday 20 August 2023
|
Read: Completed in minutes
Webzone - Zidane

[Knowledge] Securely hash passwords on server side for better protection and flexibility

When it comes to handling user passwords in a login system, it is generally recommended to hash the passwords on the server side rather than on the client side. Here's why:


1. Protecting password during transmission: When hashing passwords on the client side, the hashed password would need to be transmitted from the client to the server. This introduces a potential security risk if the transmission is intercepted or compromised. On the other hand, transmitting the plain text password over a secure connection (e.g., HTTPS) from the client to the server allows the server to handle the hashing process securely.

 

Securely hash passwords on server side for better protection & flexibility

 

2. Secure hashing algorithms: Hashing algorithms are designed to be computationally expensive, making it difficult for an attacker to reverse-engineer the original password from the hash. Server-side hashing allows you to use industry-standard, well-tested hashing algorithms, such as bcrypt or Argon2, which have built-in security features like salting and work factor/tuning parameters. These algorithms are specifically designed for password hashing and are more secure than client-side hashing implementations.


3. Protecting against client-side attacks: Client-side hashing relies on the client's environment and code integrity. If an attacker can compromise the client-side code or manipulate the JavaScript, they could potentially manipulate or bypass the hashing process altogether. Server-side hashing ensures that the hashing process is controlled and secured on the server, reducing the risk of client-side attacks.


4. Flexibility for future changes: Storing hashed passwords on the server allows you to easily upgrade your hashing algorithm or adjust the work factor as needed in the future. If you were to hash passwords on the client side, changing the hashing algorithm or work factor would require all clients to be updated, which can be a challenging and time-consuming process.


In summary, it is generally recommended to pass the plain text password securely from the client to the server and perform the password hashing on the server side using a secure and well-tested hashing algorithm. This approach provides better protection for password storage and reduces the risk of various types of attacks.
 

Thank you for reading this post. I hope you found it helpful and easy to follow. If you have any feedback or questions about Securely hash passwords on server side for better protection and flexibility , please share them in the comments below. I would love to hear from you and discuss this topic further
✋✋✋✋  Webzone Tech Tips Zidane, all things tech tips web development  - I am Zidane, See you next time soon ✋✋✋✋
Posted by at
Labels: ,
πŸ™‡πŸΌπŸ™‡πŸΌ We Appreciate Your Comments and Suggestions - Webzone, all things Tech Tips web development

Related Posts

Popular Webzone Tech Tips topic maybe you will be like it - by Webzone Tech Tips - Zidane

PHP How to use Array Object Class in easy way

PHP is a popular and powerful programming language that allows you to create dynamic and interactive web applications. PHP supports variou...

[Tips] How to Get current link path of website from PHP

This function will be help you how to get current link path of website from PHP Source code Explore My Other Channel for More Co...

[Solved] Fix Camtasia Studio Bug "It is either an unsupported media type or required codecs are not found"

Hello everybody, welcome to Learn Tech Tips Blog, Today I will share with you how to fix Camtasia Studio Techsmith Bug. -  "It is eithe...

[Solved] How to fix "The remote session was disconnected because license store creation failed with access denied. Please run remote desktop client with elevated privileges"

Topic today I will share with you how to fix one issue many people got it when using Remote Desktop . That issue is: The remote session was ...

[Solved] Bootstrap Datetimepicker OnChange event (WORKING)

Hello everyone, welcome back to Learn Tech Tips blogspot Today topic is show you how to fix bug OnChange event not working with Bootstrap 4D...

[Tips] How to "read and write struct file with C# programming language"

In this article, I will teach you how to write a structure file in CSharp. A structure file is a type of binary file that stores data in a p...

[Tips] How to read write Ini File in C#

How to Read and Write INI Files in C# INI files are a simple and widely used format for storing configuration settings. They consist of s...

[Tips] Add custom header in HttpWebRequest

When you call request from client to server, sometimes, you need to add custom header in HttpWebRequest , you can add it by add headers as b...

[Tips] How to encode and decode unicode escape C# character

What's unicode escape C# character? That same as below character. "\ud83c\udf1f[C\u1eadp Nh\u1eadt" You'...

[Tips] Get process memory information with process id by GetProcessMemoryInfo API

Do You want to get memory of process with process id? or you can consider do it with GetProcessMemoryInfo API. Explore My Other C...
As a student, I found Blogspot very useful when I joined in 2014. I have been a developer for years . To give back and share what I learned, I started Webzone, a blog with tech tips. You can also search for tech tips zidane on Google and find my helpful posts. Love you all,
I am glad you visited my blog. I hope you find it useful for learning tech tips and webzone tricks. If you have any technical issues, feel free to browse my posts and see if they can help you solve them. You can also leave a comment or contact me if you need more assistance. Here is my blog address: https://learn-tech-tips.blogspot.com.
My blog where I share my passion for web development, webzone design, and tech tips. You will find tutorials on how to build websites from scratch, using hot trends frameworks like nestjs, nextjs, cakephp, devops, docker, and more. You will also learn how to fix common bugs on development, like a mini stackoverflow. Plus, you will discover how to easily learn programming languages such as PHP (CAKEPHP, LARAVEL), C#, C++, Web(HTML, CSS, javascript), and other useful things like Office (Excel, Photoshop). I hope you enjoy my blog and find it helpful for your projects. :)
Thanks and Best Regards!
Follow me on Tiktok @learntechtips and send me a direct message. I will be happy to chat with you.
Webzone - Zidane (huuvi168@gmail.com)
WebDevZone
I'm developer, I like code, I like to learn new technology and want to be friend with people for learn each other
I'm a developer who loves coding, learning new technologies, and making friends with people who share the same passion. I have been a full stack developer since 2015, with more than years of experience in web development.
Copyright @2022(November) Version 1.0.0 - By Webzone, all things Tech Tips for Web Development Zidane
https://learn-tech-tips.blogspot.com