Guys, the challenge is to store passwords in encrypted form. As I understand it, you can hash passwords md5 + salt. Ok, I tried to do it all on the server (for starters only in md5 without salt), I use spring security, well, in general, some sort of crap turns out, the password is hashed, but I constantly need to watch when I receive the password from the client - it must be I have to hash it in md5 - not very convenient, that is, the real password comes from the client. Now I wonder if this is not easier to turn on the client? That is, where is it better to hash the password on the backend or client? If on the client, tell me exactly how to turn all this, I'm not strong in js.

Thank you in advance.

  • on the client it is impossible to hash. otherwise the meaning is generally hashing? look in the direction of JAAS - cache
  • OK, I receive a password when registering. I have to transfer it to the hash before I save it, I receive a password when authorizing the same garbage, are there any solutions in spring security? - Andrey Sibirkin
  • @AndreySibirkin and what, are you too lazy to check the password hash during registration and before authorization? - Alexey Shimansky
  • no, there are just bikes in the custom implementation of authorization ss, well, ok, thanks - Andrey Sibirkin
  • Here is an example of Spring security, true in English mkyong.com/spring-security/… - cache

1 answer 1

In spring-security, this is provided in order to hash passwords coming from users, you need to configure the authentication settings in the WebSecurity configuration. For me, it looks like this

private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); @Autowired public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(userDetailsService) .passwordEncoder(passwordEncoder); }