Password Handling
I have a simple site with an input for a password and then on submit, it goes to this:
o3 wrote some comments here and suggested a "secure password check" as well as signing or encrypting cookies. What I want to understand is that, why would I need to do a "secure password check" if my password is stored in a .env that is only on my server?Also do I really need to sign or encrypt my cookies, what are some things that could go wrong if I don't? I just opened dev tools and manually set it and that bypasses the password lol, I'll have to look into how to do this after all lol
For secure password check, I'm assuming just hashing the password and then check the input password's hash against it, is that good enough? I never did something like this before and so I'm unsure what "best practices" would be for this.
o3 wrote some comments here and suggested a "secure password check" as well as signing or encrypting cookies. What I want to understand is that, why would I need to do a "secure password check" if my password is stored in a .env that is only on my server?
For secure password check, I'm assuming just hashing the password and then check the input password's hash against it, is that good enough? I never did something like this before and so I'm unsure what "best practices" would be for this.
