Monday, 17 November 2014

How to send authentication token to client


Vote count:

0




I am creating a REST web service using Jersey. I want to authenticate the user based on tokens. Once the user logs in by providing his username and password, I generate an authentication token using bcrypt and send it to the user.


My question is: if we send the bcrypt-encrypted token to the user and store the same on the server, and some hacker gets hold of the database, he can use the tokens as such and log in as any user. Then what is the purpose of encryption?


I searched the forums but was not able to find an answer. Thanks in advance.



asked 2 mins ago
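One common way to address the concern raised in the question, shown as an added example that is not part of the original post: the server issues a random token and keeps only its SHA-256 digest, so a copied token table contains nothing that can be presented as a token. The class name `TokenStore`, its methods, and the in-memory map standing in for the database table are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: names are hypothetical, the map stands in for the token table.
public class TokenStore {
    private static final SecureRandom RNG = new SecureRandom();
    // Base64 SHA-256 digest of token -> username; this is all the server keeps.
    private final Map<String, String> digestToUser = new ConcurrentHashMap<>();

    // Called after the username/password check has succeeded.
    public String issue(String username) {
        byte[] raw = new byte[32];                  // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        digestToUser.put(digest(token), username);  // store only the digest
        return token;                               // raw token is sent to the client once
    }

    // Called on each request; returns the username, or null for an unknown token.
    public String authenticate(String presentedToken) {
        if (presentedToken == null) return null;
        return digestToUser.get(digest(presentedToken));
    }

    public void revoke(String presentedToken) {
        if (presentedToken != null) digestToUser.remove(digest(presentedToken));
    }

    private static String digest(String token) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            byte[] d = sha256.digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 must be available", e);
        }
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        String token = store.issue("alice");        // constructed sample user
        System.out.println("valid token  -> " + store.authenticate(token));
        // Simulate a copied table row: the stored digest is hashed again on lookup.
        String leakedRow = store.digestToUser.keySet().iterator().next();
        System.out.println("leaked digest -> " + store.authenticate(leakedRow));
    }
}
```

A fast hash is sufficient here because the token is 256 random bits rather than a guessable password; bcrypt's per-hash salt would also prevent looking a token up by its digest.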






