There are some guidelines though:
1. Never send the plain password through the socket.
2. Make some kind of handshake:
- When a socket is opened, the server generates a random value or text, stores it locally and sends it to the client.
- The client calculates a hash of this value with the password (or a hash thereof) and sends this to the server, together with the username.
- The server does the same and compares both values.
In this way you prevent someone from eavesdropping on the connection and using the captured data to pretend to be someone else.
Wim
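
The handshake described in the post above, as an added example that is not part of the original post. HMAC-SHA256 stands in for the "hash of this value with the password", and the class, the function names and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; the server stores only a hash of the password.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


class Server:
    def __init__(self, users):
        self.users = users
        self.pending = {}  # connection id -> outstanding challenge

    def open_connection(self, conn_id):
        """Step 1: generate a fresh random value, store it, send it to the client."""
        challenge = secrets.token_hex(32)
        self.pending[conn_id] = challenge
        return challenge

    def verify(self, conn_id, username, response):
        """Step 3: recompute the expected value and compare both."""
        # pop() makes every challenge single-use, so a captured response
        # cannot be replayed on the same connection either.
        challenge = self.pending.pop(conn_id, None)
        stored = self.users.get(username)
        if challenge is None or stored is None:
            return False
        expected = client_response(stored, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def password_key(password):
    """The 'hash thereof': what the client derives and the server stores."""
    return hashlib.sha256(password.encode()).hexdigest()


def client_response(key_hex, challenge):
    """Step 2: keyed hash of the challenge (HMAC-SHA256 is this example's choice)."""
    return hmac.new(bytes.fromhex(key_hex), challenge.encode(), hashlib.sha256).hexdigest()


def demo():
    server = Server(USERS)
    challenge = server.open_connection("conn-1")
    captured = client_response(password_key("correct horse"), challenge)
    genuine = server.verify("conn-1", "alice", captured)
    # An eavesdropper replays the captured response on a new connection.
    server.open_connection("conn-2")
    replayed = server.verify("conn-2", "alice", captured)
    return genuine, replayed
```

In this scheme the stored password hash acts as the shared secret, so it needs the same protection on the server as the password itself.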