search

mxstbr / login-flow

:key: A login/register flow built with React&Redux
https://loginflow.mxstbr.com
MIT License
1.6k stars 215 forks source link

Remove client side bcrypt. #37

Closed phouse512 closed 6 years ago

phouse512 commented 6 years ago

https://github.com/mxstbr/login-flow/blob/44b34885d0bbfac18d57bd7879f886f022817774/js/actions/AppActions.js#L51

I would modify this example to not hash the password on the client side (unless it is also being done on the server). Briefly, if you are using a secured communication protocol (SSL, for example), then there is no need to hash this here.

If anything, it's better to leave it on the server side - see this post for more info.

mxstbr commented 6 years ago

Duplicate of #31. I hash on the server too.