April 30, 2021

Why are passwords hashed in the backend?


I don’t know if this is the right sub.

I was wondering why passwords are hashed in the backend and not the frontend? I mean, why doesn’t it produce a vulnerability?

I heard it’s because passwords are transported over TLS.

So the logical flow would be:
Plain text password -> encrypted in TLS/SSL -> routed to the server -> decrypted by the server -> plain text -> hashed -> compare the hash to the hash in the database

But between the TLS/SSL decryption and the hashing, the password would be plain text. Or are you hashing the TLS/SSL-encrypted password?

Because if you are not, there could be malware on the database that collects the plain text password after the SSL/TLS decryption.
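
The flow described in the post, as an added example that is not part of the original post: the backend hashes the TLS-decrypted password before comparing, next to a variant where the browser hashes and the server compares the received value as-is. It shows that with backend hashing the stored hash is not itself a login credential, while with frontend-only hashing it is. The function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this demo


def kdf(secret: bytes, salt: bytes) -> bytes:
    """Slow, salted hash (PBKDF2-HMAC-SHA256 is a choice made for this example)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def backend_register(password: str) -> tuple[bytes, bytes]:
    """Server receives the TLS-decrypted password, stores only (salt, hash)."""
    salt = os.urandom(16)
    return salt, kdf(password.encode(), salt)


def backend_verify(submitted: str, record: tuple[bytes, bytes]) -> bool:
    """Server hashes whatever arrives, then compares in constant time."""
    salt, stored = record
    return hmac.compare_digest(kdf(submitted.encode(), salt), stored)


def frontend_only_verify(submitted_hash: bytes, record: tuple[bytes, bytes]) -> bool:
    """Variant where the browser hashes and the server compares the value as-is."""
    _salt, stored = record
    return hmac.compare_digest(submitted_hash, stored)


def demo() -> dict[str, bool]:
    password = "correct horse battery staple"  # constructed sample value
    record = backend_register(password)
    stored_hash = record[1]  # the value as it sits in the database
    return {
        "backend accepts the password": backend_verify(password, record),
        "backend accepts the stored hash": backend_verify(stored_hash.hex(), record),
        "frontend-only accepts the stored hash": frontend_only_verify(stored_hash, record),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```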
