C
C#16mo ago
Developful

✅ Login system using avalonia

I'm using avalonia to make a simple login system. The way it works is that you put in your credentials, and then it sends over to the backend (servers), so it can check if they're correct. But I have a question, when you make an account for example, which sends the password over to the server to store it (a hashed version of it), wouldn't a middle man be able to take it? Is there a way to prevent this by encrypting or something? And also when sending over the password to the backend to check for credentials, wouldn't this propose basically the same problem? If so, what are some ways to prevent this? Or is this an issue I'm somehow overthinking? I've searched a bit for login/authentication systems, but can't really find much (perhaps i'm googling the wrong thing).
6 Replies
Pobiega
Pobiega16mo ago
HTTPS my friend, HTTPS. I'm assuming you are using HTTP to send messages between your clients and the backend, and if thats true, hopefully you are using HTTPS.
Developful
DevelopfulOP16mo ago
oh i haven't made this yet, i'm still brainstorming on how to do it. obviously https is my go-to option would that actually be enough?
Pobiega
Pobiega16mo ago
It comes with transport layer secuyity (TLS), which means your data is actually encrypted oh yes, absolutely if its good enough for everyone else, including banks, stock markets, airlines, facebook, google etc... On the server side, you would ofcourse never store the password as plaintext thou, use something nice like argon to store a salted hash of it
Developful
DevelopfulOP16mo ago
yeah incase of a data breach. well this would never actually happen, its just a small project of mine, but still good enough to learn lots thank you so much
Pobiega
Pobiega16mo ago
np
Pobiega
Pobiega16mo ago

Did you find this page helpful?