Defect #41133

closed

Lack of encryption of password on the client side (?)

Added by Robert Swansons about 2 months ago. Updated about 2 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Wont fix
Affected version:

Description

Hello.

First of all, pardon if the question is dumb, or I am being paranoid (I am kind of tech-naive) but I'll ask nonetheless.
Today, upon inspecting the page (F12 in Chrome) when going to the Network tab -> login -> Payload I am able to see my password in plaintext!

It goes like this:
utf8: check
authenticity_token: cAWSFJiQOWAJERIOQWJRIOJQWOIRJIOQWR
back_url: /
username: arthraspwner1337
password: MY_LITERAL_PASSWORD
login: Login

Now, is there any option (via plugin, settings on website or modifying some ruby config files) to HIDE the password in this tab?
Or is HTTPS sufficient here, or is this the 'industry standard'?

Thanks in advance!
