re: Sending plain text user information VIEW POST


Yes, it is safe to send this information in plain text as long as you use HTTPS and the POST method.
The password is not really send as 'plan text' as SSL would be encrypting the data in transmission!


Hello. Thank you for the response. Heres situation. When I tried to login and check the network tab. The post request that I sent is in plain text. This is from the client side. I know ssl would encrypt it but on request opening the network tab and see the plain text password is it ok?


Yes, that is acceptable. Even if the password is visible in the Networks tab - only the user who entered it would be able to see it. An attacker without physical access, would not be able to see the contents of the Networks tab/console.

Also, would recommend you to enable HSTS. Forgot to mention in my earlier comment.

It stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a secure connection (HTTPS). If a website declares an HSTS policy, the browser must refuse all HTTP connections and prevent users from accepting insecure SSL certificates. HSTS is currently supported by most major browsers (only some mobile browsers fail to use it).

Hope this helps!

code of conduct - report abuse