Encryption of user credentials

Question

Now I got to user registration and there was a question about data encryption at the stage of data transfer to the server. Does it need to be encrypted during transmission or should all processing take place on the server?

I read several articles and information on this topic a lot has been written and everyone has their own opinion + you need to be well versed in all concepts of how and what works.

Otherwise, it will be difficult to work with user data by its identifier, which is almost always his login.
It is necessary to encrypt only the password (when saving to the database).
Usually for this purpose they take just some password hash and write it to the base.
It has already been implemented everywhere, and nothing should be done with our hands.
You have already decided on what kind of attacks are defending?
I am not sure that we understood each other correctly, my question is exactly whether it is necessary to encrypt the data at the moment of their transfer to the server or does all the processing take place on the server?
@AlekseyTimoshchenko perhaps you did not understand me, but I ask what you are protecting from, it depends on what you trust and what you don’t.

Accepted Answer · 2016-05-11T15:01:47

It's not entirely clear what you want to encrypt. If the channel between the client and the server, then HTTPS for the "normal user" is enough.

ADDON
Here's how to create a secure connection to the server using HttpsURLConnection :

 URL url = new URL("https://..."); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();

Everything, now the transmission channel is encrypted.

Comments are not intended for extended discussion; conversation moved to chat . - Nick Volynkin ♦

Encryption of user credentials

1 answer 1

More articles: