markdown guide

Yes, it is safe to send this information in plain text as long as you use HTTPS and the POST method.
The password is not really send as 'plan text' as SSL would be encrypting the data in transmission!


Hello. Thank you for the response. Heres situation. When I tried to login and check the network tab. The post request that I sent is in plain text. This is from the client side. I know ssl would encrypt it but on request opening the network tab and see the plain text password is it ok?


Yes, that is acceptable. Even if the password is visible in the Networks tab - only the user who entered it would be able to see it. An attacker without physical access, would not be able to see the contents of the Networks tab/console.

Also, would recommend you to enable HSTS. Forgot to mention in my earlier comment.

It stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a secure connection (HTTPS). If a website declares an HSTS policy, the browser must refuse all HTTP connections and prevent users from accepting insecure SSL certificates. HSTS is currently supported by most major browsers (only some mobile browsers fail to use it).

Hope this helps!


You should use a password-hash instead of the real password, that way your server wouldn't even know the users password.


Yup we uuse brcrypt. Im not talking about database. I’m talking about making a post request and the user info on the client side is on plain text

Classic DEV Post from Jul 31

10 Tips For Debugging in Production

Handy tips and strategies you can use when debugging in production.

aRtoo profile image
Web Team at Dentca. Currently hands on Ruby on Rails and Angular. :)