I am trying to authenticate users with a REST service I built using Dropwizard. From previous questions I found a great example of authenticating with OpenID on GitHub: https://github.com/gary-rowe/DropwizardOpenID
However, I don't want to deal with OpenID at the moment and simply want users to 1. Signup, 2. Signin.
My questions/confusions are:
1. For Signup: I'm thinking about sending the user's username/password as a `POST` request with the credentials as either form parameters or part of the JSON body. However, isn't there a security risk here of sending the password in plain text?
2. For Sign-in I'm thinking about using `Authenticator` in Dropwizard.
3. I don't want to store passwords in plain text. What strategy should I follow after I get the user's password in the `POST` as plain text? I'm looking for some Java libraries that can assist in password salt and MD5.