Django Security

Imagine a user came to my django create account page and send a post request of his username and password. If i send it raw can hackers see that? And even if i make a hash can't they just go to my webpage and see the frontend hash making function's code and get the password? Is there anyway i can send it by hashing and hackers don't know how the hash was done?

django security hash

29th Jul 2020, 5:03 PM

Wasi

3 Answers

+ 3

Ali Abdelhady that's not what he worried about. He's concerned about sending unencrypted UN & PW over http. Wasi you're correct if your on an unsecure network they are vulnerable and client side hashing doesn't make it much more secure. If you're really concerned about security probably better off using a professional auth protocol

29th Jul 2020, 6:13 PM

JME

+ 1

JME Thanks for clarifying!

29th Jul 2020, 8:02 PM

Ali Abdelhady

I don't know about Django, but the password is hashed in the back end (as in the route function in Flask), so it is not visible to the frontend. Shouldn't it be a similar case in Django?

29th Jul 2020, 5:30 PM

Ali Abdelhady