Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. Technical Support
  3. Can NODEBB encrypt the password in browser?Make the password not displayed in clear text

Can NODEBB encrypt the password in browser?Make the password not displayed in clear text

Scheduled Pinned Locked Moved Unsolved Technical Support
4 Posts 4 Posters 638 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W Offline
    W Offline
    windyxia
    wrote on last edited by windyxia
    #1

    @baris @dunlix @PitaJ
    516db8f9-dbf9-4824-b22c-9fbacb953fc2-image.png

    1 Reply Last reply
    0
    • PitaJP Offline
      PitaJP Offline
      PitaJ Global Moderator Plugin & Theme Dev
      wrote on last edited by PitaJ
      #2

      There's no way to hide a password completely from the browser. Any extra encryption would depend on https to be delivered to the client anyways, so it wouldn't really add any security.

      If you go to pretty much any login form on any website, you'll see the same thing. The password in in plain text in the request, but the request in encrypted with tls when sent over the wire, assuming your site is served over https.

      julianJ 1 Reply Last reply
      2
      • dunlixD Offline
        dunlixD Offline
        dunlix GNU/Linux Gamers
        wrote on last edited by
        #3

        The only way someone would have access to this is if they can also see what you are typing- so basically if they are looking over your shoulder. I don’t think think it would be much of a problem unless you are hacked, in which case the hacker can just install a key logger to also see your password.

        1 Reply Last reply
        2
        • julianJ Online
          julianJ Online
          julian NodeBB GNU/Linux
          replied to PitaJ on last edited by
          #4

          @pitaj is correct, there is no point in adding additional client-side encryption, because of the simple fact that you cannot trust what happens client-side.

          So the only thing you can do is encrypt the payload over-the-wire, which is exactly what https is doing.

          1 Reply Last reply
          1

          Copyright © 2024 NodeBB | Contributors
          • Login
          • Don't have an account? Register
          • Login or register to search.
          Powered by NodeBB Contributors
          • First post
            Last post
          0
          • Home
          • Categories
          • Recent
          • Popular
          • World
          • Top
          • Tags
          • Users
          • Groups
          • Documentation
            • Home
            • Read API
            • Write API
            • Plugin Development