hashing of password. where to perform this

[fguihen]

i want to hash a users password and store the hashed value on a database. i want to know where to perform the conversion to hashed value? should it be in jscript on the page, or in c# code on the server? if its done in c# code on the server, the raw password is sent to the server first, and i imagine this is not as secure as doing it on the machine and then saving the hashed password. what have you implemented in relation to this?

 

[PlausiblyDamp]

You are probably best doing the hashing on the server and storing the result in the database.

If you are requesting confidential information in a page you should be using https for the connection anyway, therefore you are not sending the password plaintext as the connection itself is encrypted.