If a password is encrypted before AJAX, what is to stop a hacker from capturing the encrypted password and using it to log in?
Should a unique salt be sent from the backend beforehand?
Wouldn’t a hacker be able to capture that too?
Background to my question:
I worked through this tutorial.
Summary of the tutorial:
The browser side encrypts the password before sending it to the backend, where it is stored in the DB.
From that link, the first comment stuck in my mind:
“what’s to prevent a hacker from capturing the hashed password and logging in?”