I have created a separate login system using a HTTP endpoint and it adds it to the end of /ui
how do i access this data with nodes
http://localhost:1880/ui/?username=user&password=123#!/0?socketid=KZgw8S79tHwK-JUTAABH
I'm sure you've thought of this, but you realise that such a format is worse than useless? Any login without https is pointless and any login that passes the password on the URL is also useless.
i was going to encrypt using base64 and then md5 but have yet to do so
this project is more of a learning experience
If just for learning, that's OK. Just don't forget.
You should never craft your own security though. And you don't need to. The password should always be entered by the user into a page on the server. You can't encrypt on the client because the the browser will always be the most exposed aspect and there is no general way to prevent the password being accessible at some point.
So, you need TLS which gives protection of everything that is transferred - EXCEPT the URL which can and will be visible to potentially many caches between the user and the server. And you need a server delivered form that submits the user-entered data in the returned body which will be encrypted so it doesn't matter if it gets captured in a cache or intercepted in a proxy. No client-side hashing or encryption of the password needed, that should be done immediately on the server - on receipt of the login form, the server should 1-way hash the password using a standard, strong hashing algorithm. You can then compare that against the stored hash to see if the password is valid.
Even for home/test use, it is best to try and do it right 
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
