I've encrypted a password field in my DB by MD5, and I handle it encrypted in my back-end, but when user types their password in, it is in plain text.
Is there a safe way to pass the password from the front-end to the back-end? MD5 doesn′t have sense in this case...
NOTE: I'm using HTTPS and the POST Method.
See Question&Answers more detail:os
While the accepted answer correctly describes how you should STORE passwords on the server side, the question was actually on how to transmit password safely from client to server.
I just want to make clear that the salting and hashing is done at the server side. The client would just sent the clear text password over a secure connection (HTTPS) to the server.
