17 Jan
Password hashing on frontend or backend? [duplicate]
I have a Java Server with Spring Boot and a JS Frontend in AngularJS.
My teacher told me to use HTTPS for passwords, because I cannot hash them securely enough that nobody can hack them.
With HTTPS, if I get it right, I do not have to hash it extra. My source: I just send username and password over https. Is this ok?
So now to my question: I store the password in a DB, of course. Where should I hash them? Frontend or backend?
- If I hash it on the frontend, I do not have to do something else on the backend; but if the HTTPS certificate expires I'm insecure.
- If I do it on the backend, I do not have to do something else on the frontend; but if the HTTPS certificate expires I'm insecure.
I would use Scrypt, which is made for password hashing.
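
Added example (not part of the original question): a Node.js sketch of the two designs the question compares, assuming an in-memory `Map` as the user table, hypothetical function names, and constructed credentials. It shows what the server ends up storing in each design and whether that stored value is itself accepted as a login secret.

```javascript
// Added example; every name and sample value here is constructed for illustration.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

const PARAMS = { N: 16384, r: 8, p: 1 }; // Node's default scrypt cost, stated explicitly

// Backend hashing: fresh random salt per user, scrypt over the submitted password.
function register(db, user, secret) {
  const salt = randomBytes(16);
  db.set(user, { salt, hash: scryptSync(secret, salt, 32, PARAMS) });
}

// Backend login: recompute with the stored salt, compare in constant time.
function login(db, user, secret) {
  const rec = db.get(user);
  if (!rec) return false;
  return timingSafeEqual(scryptSync(secret, rec.salt, 32, PARAMS), rec.hash);
}

// Frontend-only hashing: the browser sends scrypt(password), the server stores it as received.
// The salt must be computable in the browser, so it cannot be secret (assumed: site name + username).
function clientHash(user, password) {
  return scryptSync(password, 'demo-site:' + user, 32, PARAMS).toString('hex');
}
function registerClientOnly(db, user, sentHash) { db.set(user, sentHash); }
function loginClientOnly(db, user, sentHash) {
  const stored = db.get(user);
  if (!stored) return false;
  const a = Buffer.from(sentHash, 'hex'), b = Buffer.from(stored, 'hex');
  return a.length === b.length && timingSafeEqual(a, b);
}

function demo() {
  const password = 'correct horse battery staple'; // constructed sample password
  const backendDb = new Map(), clientOnlyDb = new Map();
  register(backendDb, 'alice', password);
  registerClientOnly(clientOnlyDb, 'alice', clientHash('alice', password));

  // The value sitting in each table, as it would appear in a leaked copy of the DB.
  const storedBackend = backendDb.get('alice').hash.toString('hex');
  const storedClientOnly = clientOnlyDb.get('alice');
  return {
    backendOk: login(backendDb, 'alice', password),
    backendReplay: login(backendDb, 'alice', storedBackend),
    clientOnlyOk: loginClientOnly(clientOnlyDb, 'alice', clientHash('alice', password)),
    clientOnlyReplay: loginClientOnly(clientOnlyDb, 'alice', storedClientOnly),
  };
}
```

With frontend-only hashing the stored column is accepted at login unchanged, so it has the same value to anyone who reads the table as a plaintext password would; with backend hashing the stored value is rejected when submitted.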