encrypt  and decrypt password in OutSystems UI level

Do we really need to encrypt password before sending it to API despite we have encryption and decryption already implemented in Web-API level which does same while login authentication.



Good question.

Based on our experience, when doing penetration test, this always got highlighted (Using BURP Suite, the data can be retrieve), so we always use cryptoJS for this.


Hello Gaurav Jain

In my opinion there is no such thing as too much security. If you can provide a higher level of security by adding a layer of encryption I believe its always worth it. 

Best of luck , 

Paulo Rosário

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.