How to encrypt login credentials in a Next.js + Node.js app before sending to backend?

Brown-headed Nuthatch posted this in #help-forum
Brown-headed Nuthatch (OP)
I’m currently developing a project using Next.js (frontend) and Node.js (backend). I have a question regarding API request security.

When I log in to the website and inspect the Network tab in the browser, I can see the username and password in plain text within the request payload. Although I’m using the "bcrypt" library on the backend to hash passwords, I’m concerned about the data being visible before it reaches the server.

Is there any way to encrypt or hide the login credentials on the frontend before sending the request to the backend? I’m currently using HTTP APIs (in a local development environment). What are the best practices for securing sensitive data in transit?

1 Reply

Cornish Rex
Hey, that is okay. Popular websites are the same too. Since it is on HTTPS, only the client and server know the payload. Once it reaches the server, it will hash it and store it and give you a session token instead, which is also stored in the cookies, where if someone has it then they have access to the account. It's not an issue unless the client is infected, which means even if the username/password are encrypted before being sent, the cookie is still available. Don't worry about it 🙂
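
The flow the reply describes (HTTPS in transit, a hash on the server, a session token in a cookie), sketched as an added example that is not part of the thread or either poster's code. The `register`, `login` and `whoami` helpers and the in-memory maps are hypothetical, and Node's built-in scrypt stands in for the bcrypt library so the block runs without dependencies.

```javascript
// Added example, not code from the thread. Node's built-in scrypt stands in for
// the bcrypt library; register/login/whoami and the in-memory maps are hypothetical.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

const users = new Map();    // username -> { salt, hash }
const sessions = new Map(); // session token -> username

// Only a salted hash is stored; the plaintext password is discarded.
function register(username, password) {
  const salt = randomBytes(16);
  users.set(username, { salt, hash: scryptSync(password, salt, 32) });
}

// `secure` is true when the request arrived over TLS; `host` is the Host header name.
function login({ username, password, secure, host }) {
  // Plain HTTP is tolerated only for local development.
  const local = host === 'localhost' || host === '127.0.0.1';
  if (!secure && !local) return { status: 400, error: 'HTTPS required' };

  const user = users.get(username);
  // Hash even for unknown users so both paths do comparable work.
  const candidate = scryptSync(password, user ? user.salt : Buffer.alloc(16), 32);
  if (!user || !timingSafeEqual(candidate, user.hash)) {
    return { status: 401, error: 'Invalid credentials' };
  }

  // The browser holds a random session token from here on, not the password.
  const token = randomBytes(32).toString('hex');
  sessions.set(token, username);
  // HttpOnly keeps page scripts from reading the cookie; Secure keeps it off plain HTTP.
  const flags = ['HttpOnly', 'SameSite=Lax', 'Path=/'];
  if (secure) flags.push('Secure');
  return { status: 200, setCookie: `session=${token}; ${flags.join('; ')}` };
}

// Resolve a Cookie header to a username, or null if the token is unknown.
function whoami(cookieHeader) {
  const m = /(?:^|;\s*)session=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? (sessions.get(m[1]) ?? null) : null;
}
```

In a real handler, `secure` would come from the TLS state of the connection (or the proxy's forwarded-protocol header) and `setCookie` would be sent as the `Set-Cookie` response header.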