Paul Messmer, 14,424 Points
Would you still use something like bcrypt?
So the way I understand it, this makes the credentials encoded before sending them to the server. Would you still run the encoded credentials through a program like bcrypt before passing them to the database?
I assume the answer is yes, because it would be one more step of safety built into the website, but I would still like to know.
Jennifer Nordell, Treehouse Teacher
Paul Messmer Absolutely! No password should ever be saved in the database unencrypted. You would want to save the hash of the password in the database as opposed to saving the password as plain text. Then when the user sends their credentials, you'd compare the hash of what they send to the hash stored in the database server-side.
Hope this helps!
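The flow discussed in this thread, as an added example that is not part of the original posts: it assumes the encoding in question is HTTP Basic auth's base64, and it uses Node's built-in scrypt in place of bcrypt so it runs without extra packages. The function names and the in-memory `users` map are hypothetical.

```javascript
// Added example: scrypt (Node built-in) stands in for bcrypt here.
const crypto = require('node:crypto');

// Basic auth only base64-encodes "user:password"; decoding recovers the plaintext.
function parseBasicAuth(header) {
  const [scheme, b64] = (header || '').split(' ');
  if (scheme !== 'Basic' || !b64) return null;
  const decoded = Buffer.from(b64, 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the first ':'; the password may contain more
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Returns "saltHex:hashHex" with a fresh random salt for every password.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Re-derives the hash with the stored salt and compares in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed in-memory stand-in for the database: only the salted hash is stored.
const users = new Map();
function register(user, password) {
  users.set(user, hashPassword(password));
}

// Server-side login: decode the header, then check against the stored hash.
function login(header) {
  const creds = parseBasicAuth(header);
  if (!creds || !users.has(creds.user)) return false;
  return verifyPassword(creds.password, users.get(creds.user));
}

// Constructed sample credentials.
register('paul', 'correct:horse');
const header = 'Basic ' + Buffer.from('paul:correct:horse').toString('base64');
console.log(login(header));
```
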