Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Jonny Flanagan 34 posts 163 karma points
    Jun 21, 2019 @ 14:14
    Jonny Flanagan
    0

    Securing the Backoffice - Username and passwords not encrypted

    Hi, I have an SSL certificate on my site and set umbracoUseSSL = "true" in the web config.

    When I enter my username and password and click Login, inspect the network traffic via F12 - the request body displays the user name and password.

    How can I encrypt/hide this?

    Thanks Jonny

    enter image description here

  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Jun 24, 2019 @ 06:13
    Jeffrey Schoemaker
    101

    Hi Jonny,

    in your browser tooling you can always see the unencrypted requests and responses, even with https enabled. That is just how the internet / browsertooling works.

    If you do the same for example on facebook.com and register a new user, you'll also see the password in your network-tab:

    enter image description here

    enter image description here

    If it wouldn't work like this, it would be pretty hard to debug your application for example.

    Hope this you gives you some confidence, and you don't have to invest any time to "fix" this.

    Sweet day!

    Jeffrey

  • Jonny Flanagan 34 posts 163 karma points
    Jun 24, 2019 @ 12:58
    Jonny Flanagan
    0

    Thanks Jeffrey for your reply. That does make sense.

Please Sign in or register to post replies

Write your reply to:

Draft