Log in to AnswerLog in to Follow
UserImage.jpg
Prince K
42Views
5Comments
How to encode the password?
Question
Reactive
Application Type
Reactive

Hi,

I'm facing a problem where I need to encode my password which should not be shown while inspecting the element network as shown in the image below.

Any help will be appreciated.

Thanks 

Prince

0
0
09 Feb

Hi prince,

In reactive there is a server action called encrypt password you can find it in the dependencies and use it in the save logic it will encrypt your password.


2
0
09 Feb

I was thinking the same, but then you can still see the password as it will be sent to the encrypt with another api (the server action).


I don't think its possible to hide the password when you send it to the backend for authentication unless you encrypt it in javascript / client side. But then you still need to know how to decrypt it serverside.

0
0
10 Feb

Replying to Stefano Valente's comment on 10 Feb 2022 06:21:12

Hi,

inspecting in a input without saving or creating a log that's why the devtool show the value. do check after creating a login it will be encrypted in the serverside 

encrypted1.jpg

0
0
10 Feb

Hi Prince! 

You can use PlatformPasswordUtils API to generate salted encrypted password in Sha or MD type. You need just add from Forge this component  below - https://success.outsystems.com/Documentation/11/Reference/OutSystems_APIs/PlatformPasswordUtils_API

I hope that advice solve your issue


Best regards

Mukhamedali

1
0
09 Feb

Hi Prince,

dependant on your requirement i guess you have multiple options. You can simply obscure the password, eg. by encoding it to a base64 encoded string and decode it server side in the DoLogin server action.

If obscuring is not enough then you might choose to encrypt the input on client side with a symmetric key and encrypt it in the DoLogin action. On client side you may take a look at this forge component CryptoJS Reactive - Overview | OutSystems . For server side decryption this component here CryptoAPI - Overview | OutSystems is the most used one. Even more secure would be to perform an assymetric encryption by encrypting the password in javascript using a public key and decrypt the password with a corresponding private key in the DoLogin server action.

Hope that helps,

Stefan

0
0
10 Feb
Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.