Question
· Nov 17, 2020

Login encryption

When logging in to the management portal page, how to send the encrypted user name and password when sending a request

Discussion (8)1
Log in or sign up to continue

Just as a quick caveat, I want to reiterate Nicholai's note on that post that the private web server should not be used for a production system; the private web server is primarily intended for out-of-the-box management portal access. If you need a full featured and https-secured web server to run your application, you should install a full web server.

Use SSL on an external web server such as Apache or IIS. Then disable the internal web server or at least restrict traffic to it. Note that many of the web services in HealthShare (if set up before deploying SSL) will be configured to use the internal (57772) web server. Those URLs in the Service Registry will need to be updated.

You have to use HTTPS, for such tasks, encryption passwords on the client-side not secure in any way. The only way to make it secure is by using SSL. Base64 is far from Security, anybody with such a string can get a real password. With SSL, it will be impossible to decrypt any traffic between client and server. So, even way, to catch anything about a password.