Login credentials, how do I encrypt them?

Hi there,

Is there any way to encrypt the login credential and decrypt it at the server end? Are there any examples that somebody can point out?

Thanks for your help.

Storing user credentials in the client app is not preferred and, as far as I know, no framework can provide a foolproof way to encrypt login credentials.
In a production environment, when a user tries to log in to an application, their credentials are sent to the server, which then authenticates them. After authentication, a unique token is issued, which is stored by the client app. For further requests on behalf of the user, the client includes that token in each request. That token must be refreshed after some time.

2 Likes
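The token flow described in the reply above, sketched from the server side as an added example (not code from the thread or from any framework). The function names, the in-memory stores, the PBKDF2 work factor and the 15-minute lifetime are assumptions, and the sketch assumes every request travels over HTTPS.

```python
import hashlib, hmac, secrets, time

PBKDF2_ITERATIONS = 600_000  # assumed work factor
TOKEN_TTL = 15 * 60          # assumed token lifetime in seconds
_users = {}                  # username -> (salt, password hash); constructed store
_tokens = {}                 # sha256(token) -> (username, expiry time)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def _digest(token):
    # Only a digest of the token is stored, so a leaked table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def register(username, password):
    salt = secrets.token_bytes(16)
    _users[username] = (salt, _pw_hash(password, salt))

def _issue(username, now):
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _tokens[_digest(token)] = (username, now + TOKEN_TTL)
    return token

def login(username, password, now=None):
    """Return a new token for valid credentials, otherwise None."""
    now = time.time() if now is None else now
    salt, stored = _users.get(username, (b"\0" * 16, b""))
    candidate = _pw_hash(password, salt)  # same work for unknown usernames
    if not hmac.compare_digest(candidate, stored):
        return None
    return _issue(username, now)

def authenticate(token, now=None):
    """Return the token's username, or None if it is unknown or expired."""
    now = time.time() if now is None else now
    username, expires = _tokens.get(_digest(token), (None, 0))
    if username is None or now >= expires:
        _tokens.pop(_digest(token), None)
        return None
    return username

def refresh(token, now=None):
    """Exchange a still-valid token for a new one and revoke the old one."""
    now = time.time() if now is None else now
    username = authenticate(token, now)
    if username is None:
        return None
    del _tokens[_digest(token)]
    return _issue(username, now)
```

The client keeps only the returned token, sends it with each request, and calls the refresh step before the lifetime runs out.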

Cool, I want to make sure that I don’t send plain text userid and password from the client app and wanted to encrypt it at the client side before sending it to the server. That’s what I am looking for.

If you are sending them via the POST method, there is an almost negligible chance of any data theft. If you’re using any encryption in the app, it will make your app slow. I would advise you to submit login credentials via the POST method.
Another thing that you can do to make a data leak more difficult is to create a secret API endpoint for login. For example,
https://yoursdomian.com/api/trump/putin/modi/etc/login/credentials

Even though this trick might look kind of funny, it will protect your API endpoint. Now, to get the API endpoint, they would need to find your app among millions of other apps and reverse engineer it, which I guess will be difficult. The POST method has not resulted in any data theft (correct me if I’m wrong).

1 Like

Great 🙂, I hadn’t thought about it like that. I like the idea.

Thanks