Imagine a user came to my django create account page and send a post request of his username and password. If i send it raw can hackers see that? And even if i make a hash can't they just go to my webpage and see the frontend hash making function's code and get the password? Is there anyway i can send it by hashing and hackers don't know how the hash was done?
7/29/2020 5:03:34 PMWasi
3 AnswersNew Answer
Ali Abdelhady that's not what he worried about. He's concerned about sending unencrypted UN & PW over http. Wasi you're correct if your on an unsecure network they are vulnerable and client side hashing doesn't make it much more secure. If you're really concerned about security probably better off using a professional auth protocol
JME Thanks for clarifying!
I don't know about Django, but the password is hashed in the back end (as in the route function in Flask), so it is not visible to the frontend. Shouldn't it be a similar case in Django?