Can NODEBB encrypt the password in browser?Make the password not displayed in clear text

windyxia

PitaJ

There's no way to hide a password completely from the browser. Any extra encryption would depend on https to be delivered to the client anyways, so it wouldn't really add any security.

If you go to pretty much any login form on any website, you'll see the same thing. The password in in plain text in the request, but the request in encrypted with tls when sent over the wire, assuming your site is served over https.

dunlix

The only way someone would have access to this is if they can also see what you are typing- so basically if they are looking over your shoulder. I don’t think think it would be much of a problem unless you are hacked, in which case the hacker can just install a key logger to also see your password.

julian

@pitaj is correct, there is no point in adding additional client-side encryption, because of the simple fact that you cannot trust what happens client-side.

So the only thing you can do is encrypt the payload over-the-wire, which is exactly what https is doing.

Can NODEBB encrypt the password in browser?Make the password not displayed in clear text

Suggested Topics

how to change category number or clear all categories

Proxy the path under NodeBB root to another one.

How to make users see/interact with their own posts but not with posts from other users?

nodeBB integration in a web app UI

Nodebb dont work