How to hide the password from the URL of the email request and browser dump

This may be an old question, but I still have not found the right answer to this question, so please be patient. I have an https login page that uses the form submission method and sends the credentials to the server ... blah blah.

During login, if you use IE and F12 to monitor the network, click start capture. You can see a URL similar to login, servetloginauth (from gmail.com), and you can see the request body with your username and password. Well, it can be argued that only if the user has not logged out, you can see it.

Now log out and do not close the browser and do not remove the browser (any browser, any version) from the task manager (I'm not sure how to do the same on a Mac). Use the WinHex editor to open the dump file and do a search / search: "password =" or the actual password (since you are checking your own username, you already know your password). You can see the password in text form.

Now my question is: how can I hide the password:
1. Either in the URL of the send request
2. Or when the browser saves my credentials in a dump, I will mask / encrypt it, or it should not save the password at all.

My code for jsp:

<s:form id="login" name="loginForm1" action="login" namespace="/" method="post" enctype="multipart/form-data" >  
      <fieldset><!-- login fieldset -->
        <div><!-- div inside login fieldset -->
                <div....
                  <label for="password" class="loginLabel">Password</label>
                  <input type="password" name="password" id="password" class="longField nofull absPosition" size="16" autocomplete="off" alt="Password" placeholder="Password" title="Password|<

I have the current solution, as shown below, but I need any alternatives without much effort.

Login. JavaScript. POST.

POST cleartext

SHA 256, JavaScript "Reads".

Citibank.



MITM, X.

gpEasy: http://gpeasy.com/ Sha-256, 50. 950. 1000.

import hashlib
import re

# Method lifted from a class in the answer; `self` is unused, so it can be
# called as hash(None, "secret") in a standalone script. Note that the name
# shadows Python's builtin hash().
def hash(self, pw, loops = 50):
    pw = pw.strip()

    # Each round derives a "salt" from the current value itself: the
    # characters a-f are stripped, the first remaining character picks the
    # salt start offset and the third picks the salt length.
    for i in range(loops):
        salt_len = re.sub(r'[a-f]', '', pw)

        try:
            salt_start = int(salt_len[0:0+1])
        except ValueError:
            salt_start = 0

        try:
            salt_len = int(salt_len[2:2+1])
        except ValueError:
            salt_len = 0

        # The salt is a slice of the value being hashed, then the value is
        # replaced by the hex SHA-512 of value + salt for the next round.
        salt = pw[salt_start:salt_start+salt_len]
        pw = hashlib.sha512(pw.encode('utf-8') + salt.encode('utf-8')).hexdigest()
    return pw
