Question

Handling encryption on client side

0

Hello everyone, I want when I do log in or sign up on my mendix web. The password is encrypted on the client side, so we can't see the password in the request body. Can mendix handle it? If yes please explain step by step to do this.

asked 2024-02-20

Fadil Fidrian

3 answers

Jelle van Leeuwen · Answer 1 · 2024-02-20

Hey Fadil,

Not a full answer but maybe you find your answer in the following documentation about offline encryption:

https://docs.mendix.com/refguide/mobile/building-efficient-mobile-apps/offlinefirst-data/local-data-security/#encrypting-local-databases

Good luck!

Robert Price · Answer 2 · 2024-02-23

Ideally, you should be using HTTPS when hosting your application. This will encrypt all the network traffic between the client and server.

I hope this helps.

Shreyas Garsund · Answer 3 · 2024-02-23

Hello Fadil,

Generally what the client can do is not controlled by Mendix but by the user and the client.

If your app is deployed to Mendix Cloud, TLS/HTTPS comes out of the box and rest assured your passwords are secure in transmission as encryption at rest and in transit come out of the box with Mendix.

If you want more control, you can use the encryption module which uses AES to custom encrypt decrypt your passwords.

Regards,

Shreyas