saving the response value to the backbone model which made the Save() call

Question

here is my login model

LoginModel = Backbone.Model.extend({
            initialize: function(){

            },
            defaults:{
                userName: 'undefined',
                passwd: 'undefined'

            },
            urlRoot: 'https://www.xxxx.xxxx/encryptedcredentials',
            parse: function(response, options){


            },
            validate: function(attributes, options){

            }

        });

i am posting a token to the server to receive the encrypted username & password. on success method, it returns the encrypted credentials.

// creating a loginmodel

var loginmodel = new LoginModel();


// calling save to post the token

loginmodel.save({token:"xxxxxxxxxxxxxx"},{
    success: function(model, response){

    //server is returning encrypted the user name and password
        response.encUserName;
        response.encPassword

    },
    error: function(model, response){
    }
);

how to set the response(userName, passwd) to the user created loginmodel's attributes?

Answer 1

Your server should not be able to provide you a user's password. Plain and simple. If it can then your users' data is not secure.

When a service allows you to login with a username/password the server should never be storing the password in any way that you or anyone else can retrieve the plain-text version of the original password. You should be storing the password as a salted hash of the user's input. Then, when they try to log in, you perform the same encryption on the input and check that it matches the encrypted hash you have stored in the database. This is why when you forget your password on a web site (Twitter, Facebook, Google), the only option is to reset the password.

You should never be able to get back the plain-text version of a password. Ever.