Django password shows in Form Data (Post/Request)
Good evening, I would like to know if when you submit a POST request to Django with your credentials (username/email and password) is normal/save to have that info open in Form Data (dev tools google -> network -> url).
Like that:
It's possible to hide that info or at least encrypt?
Many thanks in advance!
This isn't really a problem. Your request should be protected by HTTPS and no one can see the contents of your form post.
Imagine you could encrypt your password on the client: if someone could see your "plaintext" password they could also see your encrypted one. Since your server decrypts that password, the theoretical attacker would just send the encrypted version instead of your "plaintext" one. The "encrypted" password is now your just another plaintext password, and we are back where we started.
There aren't many good/easy ways to protect an encryption key on the client and maintain usability, especially not in a web app scenario. This is exactly what https/tls is designed to solve, in a general way.
- gobject/gnome/glib bindings for D using GIR?
- How do nested functions get compiled?
- The "this" pointer and message receiving in D
- 64-bit executables with DMD
- GtkD with D lang on Fedora
- Why Android used Java concept instead of D language or C or C++? But Chromium web browser is in C++, its very complicated match
- How to use MongoItemWriter to write a List<T>
- Why a function with protected modifier can be overridden and accessible every where?
- Convert Unicode const(uint)* to a dlang character type
- Compiling D with Code::Blocks
- DMD vs. GDC vs. LDC
- Rendering a font in raylib using freetype
- Digital Mars D compiler; acquiring ASM output
- D Programming: openssl rsa forward reference compiler error
- D compiler DMD doesn't link object files
- OPTLINK: Warning 23: No Stack
- Is there a limit in the amount of temporary generated symbols during a project build using dmd 2.063?
- Is this the right way to combine Garbage collected with none Garbage collected code in D
- D compiler (Digital Mars D Compiler) throwing error
- Which D Compiler to Use?
- Splitting a string treating multiple whitespace as one separator
- Proper way of passing array parameters to D functions
- Detailed Valgrind internals documentation
- Is it possible, in D, to tell the garbage collector to not scan a particular pointer (or anything below it)?
- Iterate over key/value pairs in associative array in D.
- Dlang associative array of an array of strings keyed by a string has unexpected behavior
- How to repeat a statement N times (simple loop)
- Is worth the effort to learn D?
- ld: undefined reference to object I can see in objdump
- D using emplace