Encrypting and Handling Passwords in an Enterprise Integration (EI) Project using AngularJS and Appiyo BPM

The de facto choice for UI in present-day enterprise integration projects is AngularJS. Enterprises use AngularJS to provide a consistent look and feel to the user, irrespective of the technology that drives the business rules. For example, if you were a bank, you would have applications from at least eighteen different vendors, each with its own UI. Using AngularJS and an Enterprise Service Bus like Appiyo, you can provide a consistent UI across all applications with REST over HTTP.

In the course of our work with several banking and financial clients, we have realised that AngularJS poses a challenge in handling passwords during the login process.

Anyone who has done server-side scripting will tell you that when users enter their credentials on a login page, the password field is obscured with asterisks. However, when the form is submitted, the credentials are transferred unencrypted. Security is provided at the protocol layer: a submit button automatically triggers a POST request, and if you have HTTPS enabled it provides an additional security layer. Once the values are received at the server end, the submitted value is compared with the value of the password that is stored in the database (after decrypting it).

AngularJS, however, poses a challenge: the framework doesn't support any encryption, so developers tend to use atob() to obscure the password. This is incorrect because the atob() function encodes the input it receives and does not encrypt it. So it is possible to arrive at the original value by decoding the encoded value.
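The encoding-versus-encryption point above, as an added example (not code from the original article): a Node.js audit helper that scans a login request body and recovers any field that was only Base64-encoded, with no key involved. The field names and sample payload are constructed for illustration; in browsers, `btoa()` is the call that produces Base64 and `atob()` the one that reverses it.

```javascript
// Added example. Field names and the sample body are constructed.

// Strict Base64 shape: standard alphabet, correct padding, length multiple of 4.
const B64_RE = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Returns the decoded text if `value` is Base64 of printable ASCII, else null.
function recoverIfBase64(value) {
  if (typeof value !== 'string' || value.length < 8 || !B64_RE.test(value)) return null;
  const bytes = Buffer.from(value, 'base64');
  // Round-trip check rejects strings that only look like Base64.
  if (bytes.toString('base64') !== value) return null;
  // Ciphertext decodes to arbitrary bytes; an encoded password stays printable.
  for (const b of bytes) {
    if (b < 0x20 || b > 0x7e) return null;
  }
  return bytes.toString('latin1');
}

// Audits a JSON login body and lists fields recoverable without any key.
function auditLoginPayload(json) {
  const findings = [];
  for (const [field, value] of Object.entries(JSON.parse(json))) {
    const recovered = recoverIfBase64(value);
    if (recovered !== null) findings.push({ field, recovered });
  }
  return findings;
}

// Constructed sample: one Base64-"obscured" password, one field holding
// opaque binary (standing in for real ciphertext), one plain username.
const SAMPLE_BODY = JSON.stringify({
  username: 'j.doe@example.test',
  password: Buffer.from('Passw0rd!').toString('base64'),
  encryptedPassword: Buffer.from(
    [0x8f, 0x03, 0xd1, 0x7a, 0x00, 0xfe, 0x21, 0x9c, 0x44, 0xb0, 0x12, 0xe7]
  ).toString('base64'),
});

console.log(auditLoginPayload(SAMPLE_BODY));
```

Run against captured request bodies from a test environment, a non-empty result means a credential field is protected by encoding alone.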

The right method to implement encryption is to use a library like AngularJS Crypto to encrypt passwords and use Crypto JS to decrypt passwords at the server end.

 
