0

I would like to build a user management system. I think it's not secure to send user's password from browsers to servers over HTTP. But I'm not sure if it's secure to send message to servers over HTTPS. Whether the password can be attack if using HTTPS

Thanks

Hao Zheng
  • 7
  • 1
  • I'd suggest to read this: https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https – Juraj Martinka Jan 08 '20 at 08:39
  • Thanks @JurajMartinka, This document is concise and easy to understand. Sending password directly to server over HTTPS is secure but not suggested. It will be better to encrypt password before sending to server. – Hao Zheng Jan 09 '20 at 08:45

0 Answers0