score:5
As has been said before, you cannot prevent the user from looking at the password in his browser (besides, he's the user, so he knows the password already). It is risky to store the password because it exposes it to local filesystem attacks (against which encryption may be useful, if you use a different key for each user).
You may want to encrypt the password if you don't trust SSL/TLS (for instance, corporate users may be forced to use an insecure HTTP connection to some HTTPS proxy). But in that case, you can instead prove to the server that the client has the password without sending it at all (even encrypted, for which the encryption key would have to be shared with the client over an untrusted network so bad idea) by sending a hash of the password plus some non-secret pseudo-random stuff (and send the pseudo-random stuff too).
That being said, you shouldn't store the user's password in any form on the client-side (when authenticating, you can still send a hash derived from the password, instead of the password itself, in case HTTPS is compromised).
Store a token (such as an OIDC access token) generated by the server after the initial authentication. The token expires (typically ranging from an hour to a couple of days), can be revoked with minimal inconvenience to the user (he doesn't have to create a new password) and is not enough to change the user's password or email (typically the user would have to enter the old password for that) and perform other critical account operations, so the user can at least recover the account even if some damage is done with a stolen token.
score:11
No need for such encryption. It would be pointless to implement your own encryption since HTTPS was created for that exact reason.
score:12
You don't need to encrypt the password in the frontend before sending it to the backend as far as you are using an HTTPS connection and sending it as form parameters. However, you should not store the password in the browser local storage, you could ask your backend a connection token that you will store as the session identifier.
Source: stackoverflow.com
Related Query
- How to send password in encrypted form from ReactJS to ExpressJS?
- I want to send the data from a request form to a database in the MySQL workbench from a javascript file in a ReactJs project, but I have no idea how
- How to send data from a form data to a database using ReactJS , Node.js and MySQL queries?
- How to send form from reactjs to nodejs
- How can I send data from this reactjs form to a database?
- How to send form data from React to express
- reactjs how to input multiple file from form
- How to send POST request to Django API from ReactJS web app?
- How to add email from session into a form in reactjs
- How to post form data from reactjs to controller in mvc asp.net
- How to send posts requests to contact form 7 from React.js
- how can i post data from reactjs form to mysql database
- ReactJS , How to change form type, from onChange dropdown
- How to send data from form to another page?
- How do I send data from material ui datagrid Row to form input?
- How to send jwt token from expressjs to react application?
- How to send data from child component to parent component in reactjs
- How to send data from Modal, Form using react and bootstrap?
- How to store, submit and copy input from form to another component in ReactJS
- API Symfony 4 / Reactjs / Paybox - submit a form from back side and send its redirection to front side for payment
- How to get value from radio form in reactJS
- How to create contact form with ReactJS and send the values with API - Express
- how to send data from child component to parent component state in reactjs
- How Can I Send an Authentication Token to Expressjs from React with Firebase Auth
- Reactjs : How to route to another form on submit and send submitted data to the new page
- How can i pass data from ReactJS submit form to AdonisJS
- How should a django app handle a post request from a reactjs form
- How to send input value from a form to another component?
- How to send data from list into form with React?
- How to send pictures from back-end to the front-end in ReactJS
More Query from same tag
- How to add id and body to axios.PUT request?
- Unexpected token 'export' when using webpack
- React value returning undefined
- React - Input in table row loses focus on input
- React-bootstrap centering checkboxes in columns
- How to htmlify response text
- ReactJS: can not change style with changing state
- When is the promise executed for suspense in React?
- Unable to properly setup navbar in responsive mode using Next JS and Chakra UI
- Generic React Component Interface whose property types can change based on specific property
- How do you style a component to be under another component?
- babeljs throwing 'unterminated regular expression' in </type> of renderDetails() method
- Most effective way to re-evaluate useState when its initial value changes?
- Adding state to <Link> overrides the other properties like 'search' & 'params'
- Why is switch statement used in useReducer hook to manage state?
- Materials UI: Can't get useStyles to work in Class Component
- react-native-swiper does not show dynamic images
- What is returned?
- Div not showing but numbers in React
- Argument of type is not assignable to parameter of type Typescript Error
- Not able to receive/set cookies in browser from backend in MERN app with backend hosted on heroku and frontend on netlify
- react-router-dom. Return blank page after refresh
- How to set react-native keyboard theme to dark
- env-vars in React using Dotenv and Webpack
- Assigning Object in function to Variable or call setState w/o this?
- How to push route onClick in list React
- Which way do props flow with compose()?
- Upload BlockBlob to Azure Storage using React
- React-router not rendering page
- React-Native-Meteor update React-Native 0.33
