Or do I need to encrypt it first? I’m using a password text field, grabbing it with
var pwd = $("#userpassword").val();
and then
$.post('JavaServlet', { formData: formData, pwd: pwd, date: date }, function(data) { /* handle the servlet's response */ });
The Java piece encrypts it and stores it in LDAP.
If you suggest to encrypt, please suggest the best way to accomplish the task.
Thanks in advance!
Answer: We are using SSL. So it seems redundant to encrypt the password.
It is not considered secure unless you use SSL of at least 128-bit encryption, which, by the way, was broken in the 2010s. Using a hashed password is a bit safer than plaintext, easier, less resource intensive and might be enough for you, depending on your requirements.
More info on Protecting Passwords with JavaScript MD5 (a hash) and some libraries in JavaScript here. I understand one of them was used by Yahoo for many years.
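Since the thread turns on whether the password actually travels over SSL, here is a check that can run before the `$.post` call. It is an added example, not part of the original question or answer; `buildPasswordPost`, `trySend`, the host name and the sample field values are hypothetical.

```javascript
// Added example. Builds the request the question's $.post call would send,
// but refuses unless the password would travel in a POST body over HTTPS.
function buildPasswordPost(pageUrl, target, fields) {
  // Resolve the target the way a browser does: 'JavaServlet' is relative,
  // so it inherits the scheme and host of the page that hosts the form.
  const url = new URL(target, pageUrl);

  if (url.protocol !== 'https:') {
    throw new Error('refusing to send password over ' + url.protocol + '//');
  }
  // A form served over plain http can be altered in transit before the
  // user types anything, even when it posts to an https URL.
  if (new URL(pageUrl).protocol !== 'https:') {
    throw new Error('form page itself was not loaded over https');
  }
  // Query strings end up in server logs and browser history, so no form
  // field may be duplicated into the URL.
  for (const name of url.searchParams.keys()) {
    if (Object.prototype.hasOwnProperty.call(fields, name)) {
      throw new Error('field "' + name + '" must not be in the URL');
    }
  }
  return {
    method: 'POST',
    url: url.href,
    body: new URLSearchParams(fields).toString()
  };
}

// Non-throwing wrapper so a caller can branch on the outcome.
function trySend(pageUrl, target, fields) {
  try {
    return { ok: true, request: buildPasswordPost(pageUrl, target, fields) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Constructed sample values, mirroring the field names in the question.
const sampleFields = { formData: 'uid=jdoe', pwd: 'correct horse', date: '2015-01-01' };
const securePage = 'https://app.example.test/account/form.html';
const plainPage = 'http://app.example.test/account/form.html';
```

In a browser, `pageUrl` would be `window.location.href`, and the returned `url` and `body` are what would be handed to `$.post`.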