3

While making a backend and frontend I wanted to make an auth flow, but I ask myself: isn't HTTPS auth enough?

What do you think: is JWT to check which user it is and HTTPS to secure the connection enough, or should I also use PGP?

Comments
  • 1
    Why use HTTP authentication for general user auth? And PGP? I personally don't see a use case for that.

    What are you planning to make?
  • 0
    @linuxxx It's only a small dashboard for planning stuff, but I'm just getting into securing web applications and wasn't sure how much is needed.
  • 2
    @FilipeRamalho I'd just use general PHP/MySQL (with strong hashing of course) for user authentication :)
  • 0
    @linuxxx Not using PHP or MySQL, rather RethinkDB and Kotlin and Ktor.io. The question basically is how much I have to encrypt on my own, and now I have come to the conclusion that I don't have to encrypt, because HTTPS already secures the connection.
  • 4
    @FilipeRamalho Transport security is one thing and is a must, but you don't want to store the user credentials as clear text. So what do you do? Hash them.
  • 0
    @abhishekb Of course they are hashed on the client with salt for transport security and on the server for breach security.
  • 3
    You don't need PGP for additional transport or storage security. JWT+HTTPS are enough. But do make sure that the HTTPS and webserver are well configured using https://observatory.mozilla.org/ or similar services.
  • 1
    @linuxxx my comment above could interest you too
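
The server side of the flow the thread settles on (a password arriving over HTTPS, stored only as a salted slow hash, then a signed JWT identifying the user), as an added example that is not any commenter's code. It uses Python's standard library rather than the poster's Kotlin/Ktor stack; the function names, the PBKDF2 iteration count and the in-memory signing key are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

JWT_KEY = secrets.token_bytes(32)   # constructed key; a real service loads it from a secret store
PBKDF2_ROUNDS = 600_000             # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)   # constant-time comparison

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(JWT_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, ttl=900, now=None):
    """Build an HS256 JWT carrying the user id and an expiry time."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header + '.' + payload))}"

def verify_token(token, now=None):
    """Return the user id if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(b64url_decode(sig), sign(header + "." + payload)):
            return None
        claims = json.loads(b64url_decode(payload))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None   # malformed tokens are rejected, not raised
```
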