If my application is sending credentials to an auth server over https, is there any real benefit of encrypting it (using RSA for example) before sending it to the auth server? Or is the benefit so minimal I may as well just send it as plaintext?
Asked
Active
Viewed 81 times
1 Answers
2
There would only be benefit if for some reason you can't trust that the TLS connection is secure, in which case you would be much better off fixing the TLS connection.
Probably a duplicate of For an HTTPS web application, is it worthwhile to encrypt the password before POSTing it, to keep a MITM attacker from harversting it?
AndrolGenhald
- 15,436
- 5
- 45
- 50