0

I am using username and password. The password field is of type password. But when I do debugging i can see the password as typed in text. Is there any way to hide it. Any wrapper for this.

3
Contributors
2
Replies
3
Views
9 Years
Discussion Span
Last Post by langsor
0

Right,

I see your concern here. Since you can grab the plain text value of the password input field using javascript or php, etc. Likewise the password is sent in plain text in the form POST method for anyone doing packet sniffing of your server...for that you need https:// or secure socket layer to protect.

As far as encrypting the password ... I'm afraid that would do no good since if someone has access to your pages via javascript they could bypass any encryption module used with javascript. Likewise they could decipher your encryption module (since it would be in plain javascript format) if they wanted to, anyway.

Luckily most web pages do not allow people to insert javascript into the page, and simply using secure socket layer will deter most would be crackers, unless your password protected data is very important and valuable, then I would hire a specialist in security and encryption to do that part of the site and not rely on limited knowledge to protect it.

In other words -- don't worry about it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.