Reactive Web App and password verification


I am creating a Reactive Web application that will in public customer facing. My question is what would be the best way to handle password verification via the initial login site. For example, lets say I have a user that  accesses the login and attempts to sign in Say the user enters the incorrect password, would it be best to bring back the password from the server and store it say in a local session variable. This way, there would be only 1 round trip verses 3 to the server of incorrect password attempts before the site renders a message "Password incorrect, account has been locked".

If this would be the resolution, are there any security concerns with keeping the password in the browsers local session variable.

Additionally, how would I be able to encrypt the password attribute in OutSystems? I see that the password in Users are encrypted but not sure as to how this is done.


Hi Otis,

I would not over optimize that with all the security issues it will introduce.

Do you experience performance problems, with the default behavior?