I have my authentication in my Devise gem web application. I was wondering if this is safe. Yes, it stores passwords as hashes in the database, uses encrypted tokens after logging in, etc. But what about the initial entry phase? Does it send a user password that is not encrypted over the air (I do not have SSL)? Can a client encrypt it using a specific public key that only the server can decrypt? Or is SSL the only way to encrypt a user's password?
Thanks!