I am creating a user registration web page using meteor accounts-password. I don't want a user to login immediately after registration, so I am sending the request from the client to the server and the server invokes Accounts.createUser({username: someusername, password: somepassword}). The purpose of the registration page is that there is an admin user who registers other users. Some of the users have special privileges which allows them to login in the future.
My question is, when the client sends a request to the server, say for example,
var userParams = {username: someusername, password: somepassword} Meteor.call("addUser", userParams)
am I sending the password as plain text over the wire from the client to the server? Sorry if this sounds like a stupid question. However, I looked at the traffic between the client and the server using wireshark and I didn't notice that the plain text password was in the IP packet.
I would like to use the functionality of accounts-password because I want registered users with special privileges to login and logout later on.
So, I was wondering could someone please shed some light on this issue? Has someone else done something like this before (i.e. register users on the server side from a client request)? I would like to hear your recommendations. Any help is always much appreciated!
Thanks in advance!
Aucun commentaire:
Enregistrer un commentaire