How can the security of passwords be guaranteed when Single-page application developed by react vue angular uses ajax to log in and transfer data?

  node.js, question


Take rare earth nuggets as chestnuts: you can see the password is clear. How to ensure safety?

Is https okay?

1. The front-end js code is completely naked, so it is readable even if there is encrypted code. If you are compatible with browsers that cannot run js, you also need to write an interface that logs in with the original password.
2. Even if the front end is encrypted, the user can still get the Message-Digest Algorithm 5.Original text, if the back-end does not do security processing (MD5 plus hash) directly write to the database, then users know the original Message-Digest Algorithm 5 and can log in.

Encryption of the original text at the front end is rogue behavior, and the security mechanism for transmission is the focus.
We can’t have the idea that the front end can be encrypted and the back end can not handle it. The back-end security mechanism is the guarantee.

Therefore, https is the right way to go and have a look.ssl/tlsProtocol (actually https).
Take a closer look at https. At this stage, the cost of https has been reduced and more people have landed.
By the way, AmwayHttp 2.0 protocol.

More specific answers can be found in this
Does Web Front End Password Encryption Make Sense?

A simple introduction to https can be found in these articles.
Talk about HTTPS and SSL/TLS protocols
Overview of SSL/TLS Protocol Operation Mechanism
Seven Misunderstandings of HTTPS (Translation)


All technologies are based on business landing.