Secure Your Node.js Web Application by Karl Duuna

Move the Password Securely to the Server

We’ve established that the user needs to set a strong password and have covered how to store it. How do you move it from the web browser to the server? The first step, of course, is to use HTTPS. In fact, you should use HTTPS not just on the login and registration pages but for the whole site. You need HTTPS on the login and registration pages to prevent man-in-the-middle attacks that try to steal passwords, but if you don’t use HTTPS for the whole site, the session cookie is still sent in the clear on every other page and the session can be stolen. This is discussed at length in Chapter 8, Focus on Session Management.
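As an added example (not code from the book), here is a small Node.js middleware that enforces the site-wide HTTPS rule above: plain-HTTP requests are redirected to HTTPS, and secure responses carry a Strict-Transport-Security header so the browser will not fall back to HTTP for the session cookie later. The `trustProxy` and `canonicalHost` options are assumptions for this example: the first is needed only behind a TLS-terminating proxy, the second pins the redirect target so an attacker-controlled Host header cannot steer users elsewhere.

```javascript
// Added example: force every request onto HTTPS and pin the browser there with HSTS.
// Plain Node.js request/response objects; no framework required.
const ONE_YEAR_SECONDS = 60 * 60 * 24 * 365;

// Was this request received over TLS? Behind a TLS-terminating proxy the socket is
// plain, so X-Forwarded-Proto is consulted only when the proxy is explicitly trusted.
function isSecure(req, trustProxy) {
  if (req.socket && req.socket.encrypted) return true;
  if (trustProxy) {
    const proto = String(req.headers['x-forwarded-proto'] || '').split(',')[0].trim();
    return proto.toLowerCase() === 'https';
  }
  return false;
}

// Returns a (req, res, next) handler. Options (assumed for this example):
//   trustProxy    - honour X-Forwarded-Proto from a trusted reverse proxy
//   canonicalHost - fixed host for redirects instead of the client-supplied Host header
function enforceHttps(options = {}) {
  const trustProxy = Boolean(options.trustProxy);
  const canonicalHost = options.canonicalHost || null;
  return function (req, res, next) {
    if (!isSecure(req, trustProxy)) {
      const host = canonicalHost || req.headers.host;
      if (!host) {
        // No Host header and no configured host: we cannot build a safe redirect.
        res.statusCode = 400;
        res.end('Bad Request');
        return;
      }
      // 301 for GET/HEAD; 308 preserves the method and body (e.g. a posted login form).
      res.statusCode = (req.method === 'GET' || req.method === 'HEAD') ? 301 : 308;
      res.setHeader('Location', 'https://' + host + req.url);
      res.end();
      return;
    }
    // Already on HTTPS: tell the browser to stay there for the whole site.
    res.setHeader('Strict-Transport-Security',
      'max-age=' + ONE_YEAR_SECONDS + '; includeSubDomains');
    next();
  };
}
```

In an Express application the handler is registered before any route with `app.use(enforceHttps({ trustProxy: true, canonicalHost: 'example.com' }))`; with the bare `http` module it is called first inside the request listener.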

Second, do not send a plain-text password to the user’s email as a reminder. If the application is generating the password on the user’s behalf, then ...