I'm actually quite interested to hear from any internet security professionals here on dev.to, as I am not one. That said, I operate under the assumption that if a security precaution can be taken, it should be. Security is preventative.
Having an HTTPS connection is good, but skipping out on things like hashing and salting, using a strong (and professionally vetted) encryption algorithm, and nonces, leads to breaches. Sometimes important data is lost, and sometimes not. Regardless, I can't think of a situation in which a breach would be beneficial.
Security is important, and should not be an afterthought. Those are my two cents.
I would hope that people are encrypting their data on the server side. I think this question is asking "do you encrypt data on the client side before sending it over an HTTPS connection?"
I'm actually quite interested to hear from any internet security professionals here on dev.to, as I am not one. That said, I operate under the assumption that if a security precaution can be taken, it should be. Security is preventative.
Having an HTTPS connection is good, but skipping out on things like hashing and salting, using a strong (and professionally vetted) encryption algorithm, and nonces, leads to breaches. Sometimes important data is lost, and sometimes not. Regardless, I can't think of a situation in which a breach would be beneficial.
Security is important, and should not be an afterthought. Those are my two cents.
I would hope that people are encrypting their data on the server side. I think this question is asking "do you encrypt data on the client side before sending it over an HTTPS connection?"
Yeah I also undertand that the matter here is transport security