javascript - Improving security with JS -
i’m trying little ideas, , i’ve hit snag.
at moment, when user logs in, password stored in variable handled later. 1 has hold of password go developer tools or console or whatever , add statement alert(pass.value);
.
i know unrealistic been bugging me. there way of detecting alert statement , scrambling password somehow? regex or string replace?
thanks!
if want have secure system, don't store password on client side. there absolutely nothing can in javascript prevent accessing password if stored in javascript variable.
all of authentication should handled on server side. if storing passwords somewhere, not store them in plain text, , not use home-brew encryption method. cryptology full of minefields , it's easy wrong, , recommend using thought-out system bcrypt.
Comments
Post a Comment