in your browser tooling you can always see the unencrypted requests and responses, even with https enabled. That is just how the internet / browsertooling works.
If you do the same for example on facebook.com and register a new user, you'll also see the password in your network-tab:
If it wouldn't work like this, it would be pretty hard to debug your application for example.
Hope this you gives you some confidence, and you don't have to invest any time to "fix" this.
Securing the Backoffice - Username and passwords not encrypted
Hi, I have an SSL certificate on my site and set umbracoUseSSL = "true" in the web config.
When I enter my username and password and click Login, inspect the network traffic via F12 - the request body displays the user name and password.
How can I encrypt/hide this?
Thanks Jonny
Hi Jonny,
in your browser tooling you can always see the unencrypted requests and responses, even with https enabled. That is just how the internet / browsertooling works.
If you do the same for example on facebook.com and register a new user, you'll also see the password in your network-tab:
If it wouldn't work like this, it would be pretty hard to debug your application for example.
Hope this you gives you some confidence, and you don't have to invest any time to "fix" this.
Sweet day!
Jeffrey
Thanks Jeffrey for your reply. That does make sense.
is working on a reply...