Can NODEBB encrypt the password in browser?Make the password not displayed in clear text

windyxia

PitaJ

There's no way to hide a password completely from the browser. Any extra encryption would depend on https to be delivered to the client anyways, so it wouldn't really add any security.

If you go to pretty much any login form on any website, you'll see the same thing. The password in in plain text in the request, but the request in encrypted with tls when sent over the wire, assuming your site is served over https.

dunlix

The only way someone would have access to this is if they can also see what you are typing- so basically if they are looking over your shoulder. I don’t think think it would be much of a problem unless you are hacked, in which case the hacker can just install a key logger to also see your password.

julian

@pitaj is correct, there is no point in adding additional client-side encryption, because of the simple fact that you cannot trust what happens client-side.

So the only thing you can do is encrypt the payload over-the-wire, which is exactly what https is doing.

Community

Can NODEBB encrypt the password in browser?Make the password not displayed in clear text

Suggested Topics

phpbb >nodebb, admin/mods cannot edit

Update, "NodeBB could not be restarted, as a running instance could not be found." error

Only display Directory after nodebb is success install and running

Need help with nodebb-plugin-import

considering nodebb, having some questions