I am a web developer and using Firebug to track my AJAX requests. But some days back I came to know that every network request you do is tracked by Firebug not only asyncronous requests.
If you submit a form normally using the HTTP protocol (not an AJAX call), it is still logged in Firebug's Net panel and is shown openly. I checked it on various reputable sites (names can't be disclosed) having SSL certificates and using the HTTPS protocol, though they are also having this problem.
Is there any technique to encrypt the password before a normal form submit?
Suppose I am using $.ajax(), then I can encrypt the password using base64, or my custom encryption technique, but what in case of normal HTTP submits?
Steps to reproduce:
- Open Firefox.
- Start Firebug if you have it or install it, then start it.
- Go to the Net panel in Firebug.
- Open any website where you have an account and just log in with your credentials.
- Just check the POST requests where you got your original password as a plain text.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire