Why use HTTP authentication for general user auth? And PGP? I personally don't see a use case for that.
What are you planning to make?
@linuxxx It's only a small dashboard for planning stuff, but I'm just getting into securing web applications and wasn't sure how much is needed.
@FilipeRamalho I'd just use general php/mysql (with strong hashing of course) for user authentication :)
@linuxxx Not using PHP or MySQL, rather RethinkDB and Kotlin and Ktor.io. The question basically is how much I have to encrypt on my own, and now I have come to the conclusion that I don't have to encrypt, because HTTPS already secures the connection.
@FilipeRamalho Transport security is one thing and is a must, but you don't want to store the user credentials as clear text. So what do you do? Hash them.
@abhishekb Of course they are hashed on the client with salt for transport security and on the server for breach security.
You don't need PGP for additional transport or storage security. JWT + HTTPS are enough. But do make sure that the HTTPS and web server are well configured using https://observatory.mozilla.org/ or similar services.
@linuxxx My comment above could interest you too.
While making a backend and frontend I wanted to make an auth flow, but I ask myself: isn't HTTPS auth enough?
What do you think: is JWT to check which user it is and HTTPS to secure the connection enough, or should I also use PGP?