shelv-es / zxcvbn-server

A microservice wrapper around the zxcvbn password strength estimator
https://password.wtf/
MIT License

Add https support to the server #1

Open hatpick opened 8 years ago

hatpick commented 8 years ago

I don't wanna burst the bubble for you, but do you think anybody is interested in sending their passwords as raw text to a remote server?!

ebeeson commented 8 years ago

@hatpick Why not? How do you think passwords get to servers in the first place?

hatpick commented 8 years ago

At the very least, on a secure transport layer such as https so sniffers can't sniff!

ebeeson commented 8 years ago

Of course :) Is it suggested anywhere that this should be accessed insecurely?

hatpick commented 8 years ago

Sorry, a better approach would have been suggesting adding https support to your code:

```js
var fs = require('fs');
var http = require('http');
var https = require('https');

// Load the TLS private key and certificate from disk
var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');

var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();

// your express configuration here

// The same app is served over plain HTTP and over HTTPS
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

httpServer.listen(80);
httpsServer.listen(443);
```

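Added example, not part of the thread or of the zxcvbn-server project: the snippet above serves the app on port 80 as well as 443, so a client can still submit a password in clear text. This variant keeps port 80 only to redirect to HTTPS and adds an HSTS header on the HTTPS side; it uses Node built-ins only, and the host name `password.example` and the helper names are assumptions.

```javascript
const fs = require('fs');
const http = require('http');
const https = require('https');

// One year; tells browsers that have seen the site to skip plain HTTP.
const HSTS = 'max-age=31536000';

// Handler for the port-80 listener: it never reaches the app.
// canonicalHost comes from configuration, not from the request's Host
// header, so a forged header cannot steer the redirect elsewhere.
function redirectToHttps(canonicalHost) {
  return function (req, res) {
    // A non-GET/HEAD request (e.g. a POST with a password) has already
    // crossed the wire in clear text; refuse it so the misconfigured
    // client is noticed rather than appearing to work.
    if (req.method !== 'GET' && req.method !== 'HEAD') {
      res.writeHead(403, { 'Content-Type': 'text/plain' });
      res.end('HTTPS required\n');
      return;
    }
    // Absolute-form targets ("http://other/...") are reduced to "/".
    const path = req.url.startsWith('/') ? req.url : '/';
    res.writeHead(301, { Location: 'https://' + canonicalHost + path });
    res.end();
  };
}

// Wraps the HTTPS handler (the express app) so every response carries HSTS.
function withHsts(handler) {
  return function (req, res) {
    res.setHeader('Strict-Transport-Security', HSTS);
    return handler(req, res);
  };
}

// Same key and certificate paths as the snippet in the thread.
function start(app, canonicalHost) {
  const credentials = {
    key: fs.readFileSync('sslcert/server.key', 'utf8'),
    cert: fs.readFileSync('sslcert/server.crt', 'utf8'),
  };
  http.createServer(redirectToHttps(canonicalHost)).listen(80);
  https.createServer(credentials, withHsts(app)).listen(443);
}

// start(app, 'password.example'); // hypothetical host name
```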
hatpick commented 8 years ago

Updated the title as well :smiley: