It is not that I do not have access to javascript, of course. In most of my CS web development courses, we study server-side validation a bit, and then, as soon as javascript is introduced, server-side validation is thrown out of the window.
I choose not just to rely on javascript, as the client side is never a safe place. I'm used to writing both client and server code for such things. However, for a web application that I am writing that has additional AJAX, I do not want the password to be sent in clear text over the wire if someone has javascript disabled.
I understand that I can ask the situation with catch-22, so let me just ask: how do we know that the passwords of our users will be protected (enough) from malicious users on the same network, when all we can rely on is server-side scripting . On this first request from the login page, is there a way for the browser to encrypt the data field?
source
share