Blog-App-using-MERN-stack

Password is not encrypted when passing its value through API

Open adityas-tz opened this issue 8 months ago • 5 comments

We are able to see the password that the API is receiving and it's not encrypted.

adityas-tz avatar Mar 31 '25 09:03 adityas-tz

Can you assign this issue to me? I'm able to work on password hashing, encryption, and decryption.

afaqali1122 avatar Apr 17 '25 18:04 afaqali1122

@aditya-dev001 Is the issue still open? Can you assign it to me please?

maheen-fatma avatar May 02 '25 10:05 maheen-fatma

Hi! @khushi2706 I noticed this issue is assigned to @maheen-fatma but there hasn't been a PR yet. If it’s okay with the maintainer and the assignee, I’d love to work on this if it’s available. Please let me know!

vatsal633 avatar May 21 '25 04:05 vatsal633

@vatsal633 While maheen is still working on this issue, you can work on my open source repos - https://github.com/extinctsion. Please let me know if you need any help.

adityas-tz avatar May 21 '25 04:05 adityas-tz

@aditya-dev001 We currently see the password in plaintext in the frontend console logs. I have raised a PR proposing hashing the password on the frontend before sending it to the backend. However, hashing or encrypting passwords on the frontend is generally not recommended. Password encryption or hashing should be handled securely on the backend, which is already implemented in our project.

In our current setup, the raw password is sent over the network to the backend, where it is hashed and stored securely. To protect the raw password during transmission, it’s critical to use HTTPS in production, which encrypts the entire communication channel between the frontend and backend, preventing interception by attackers.

maheen-fatma avatar May 21 '25 10:05 maheen-fatma
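
The backend-side handling described in the last comment (hash on the server, keep the raw password out of logs), as an added example that is not part of the thread or the project's code. The thread does not show how the backend hashes, so Node's built-in `crypto.scrypt` is used here as an assumption; `hashPassword`, `verifyPassword`, `redactForLog` and the stored-string format are hypothetical.

```javascript
// Added example, not code from the Blog-App-using-MERN-stack repository.
// Function names and the stored format are hypothetical.
const crypto = require('node:crypto');

const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

// Hash on the server with a random per-user salt and a memory-hard KDF.
// Stored format (constructed for this example): scrypt$<saltHex>$<hashHex>
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT_PARAMS);
  return `scrypt$${salt.toString('hex')}$${hash.toString('hex')}`;
}

// Recompute with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [scheme, saltHex, hashHex] = String(stored).split('$');
  if (scheme !== 'scrypt' || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  // Reject malformed records; two empty buffers would otherwise compare equal.
  if (expected.length !== KEY_LEN) return false;
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN, SCRYPT_PARAMS);
  return crypto.timingSafeEqual(actual, expected);
}

const SENSITIVE_KEYS = new Set(['password', 'confirmpassword', 'token']);

// Return a copy of a request body that is safe to pass to a logger.
function redactForLog(value) {
  if (Array.isArray(value)) return value.map(redactForLog);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, val] of Object.entries(value)) {
    out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? '[REDACTED]' : redactForLog(val);
  }
  return out;
}

// Constructed sample signup body, as the backend would receive it over HTTPS.
const body = { name: 'Test User', email: 'user@example.test', password: 'correct horse battery staple' };
const stored = hashPassword(body.password);
console.log(JSON.stringify(redactForLog(body)));
console.log(verifyPassword(body.password, stored), verifyPassword('wrong guess', stored));
```

The same redaction applies to the frontend: log the redacted copy of the form state, never the object that holds the raw password.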