✅ Login system using Avalonia
I'm using Avalonia to make a simple login system. The way it works is that you put in your credentials, and then it sends them over to the backend (servers), so it can check if they're correct.
But I have a question, when you make an account for example, which sends the password over to the server to store it (a hashed version of it), wouldn't a middle man be able to take it? Is there a way to prevent this by encrypting or something?
And also when sending over the password to the backend to check for credentials, wouldn't this pose basically the same problem?
If so, what are some ways to prevent this? Or is this an issue I'm somehow overthinking? I've searched a bit for login/authentication systems, but can't really find much (perhaps I'm googling the wrong thing).
6 Replies
HTTPS my friend, HTTPS.
I'm assuming you are using HTTP to send messages between your clients and the backend, and if that's true, hopefully you are using HTTPS.
oh I haven't made this yet, I'm still brainstorming on how to do it. obviously HTTPS is my go-to option
would that actually be enough?
It comes with Transport Layer Security (TLS), which means your data is actually encrypted
oh yes, absolutely
if it's good enough for everyone else, including banks, stock markets, airlines, Facebook, Google etc...
On the server side, you would of course never store the password as plaintext though, use something nice like argon to store a salted hash of it
yeah in case of a data breach. well this would never actually happen, it's just a small project of mine, but still good enough to learn lots
thank you so much
np