
What is the best way for password transmission


I already have properly working JavaScript code that salts, hashes and stores provided plain text passwords. I also have the equivalent in TypeScript.

I provide a service using a Node.js server via HTTPS and a client for it.

The only question I cannot answer myself is what the best practice is for transmitting the password from the client to the server when the user logs in or changes it.

Do I transfer the password as plain text and have the server do all the hashing? Or is it also no problem to have the client do the math and transfer the password already salted and hashed? Is that maybe even more secure?

Can anyone give me some advice here?

Checking the internet for an answer did not provide any.


Solution

  • The main opinion is to have the server do the math. I will implement it this way.

    Thank you all!
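
Added example (not part of the original question or solution): a Node.js sketch of the server salting and hashing the plaintext it receives over HTTPS, next to the variant where the server accepts a hash computed by the client. The function names, the scrypt parameters and the sample password are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// scrypt cost parameters: assumed values for this sketch, tune for your hardware.
const SCRYPT = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

// Sign-up / password change: the plaintext arrives inside the TLS tunnel,
// the server picks a fresh random salt and stores only salt + derived hash.
function createRecord(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Login: re-derive from the submitted plaintext and compare in constant time.
function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, "hex");
  const expected = Buffer.from(record.hash, "hex");
  const actual = crypto.scryptSync(password, salt, expected.length, SCRYPT);
  return crypto.timingSafeEqual(actual, expected);
}

// Contrast: the server trusts a hash computed by the client and only compares it.
// The stored value is then itself the login credential.
function verifyClientHash(submittedHashHex, record) {
  const a = Buffer.from(submittedHashHex, "hex");
  const b = Buffer.from(record.hash, "hex");
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function demo() {
  const record = createRecord("correct horse battery staple"); // constructed sample
  return {
    goodLogin: verifyPassword("correct horse battery staple", record),
    badLogin: verifyPassword("wrong guess", record),
    // With server-side hashing, a value read from the database does not log in...
    leakedHashAsPassword: verifyPassword(record.hash, record),
    // ...with client-side-only hashing, the same value is accepted as-is.
    leakedHashClientSide: verifyClientHash(record.hash, record),
  };
}

console.log(demo());
```

Hashing on the client in addition to the server does no harm, but the server-side derivation is the step that keeps a leaked database row from being usable as a login.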