0
votes

I did a simple login page using HTML, Javascript. I validate my username and password using 'CGI'. When I click login button, a script 'login.cgi' been called using 'AJAX'. It is a POST method. Once I logged into my website, I went to Inspect element in firefox and clicked Network tab. I selected my 'login.cgi' under the Network tab. When I select the login.cgi, I can see the information of Headers, Cookies, Params, Response and Timings. I clicked Params field and checked that I can view my username and password in a plain text as parameters of that cgi script. I wish to hide my password field from this Inspect element feature. How can I do this?

1
I don't think that you can hide your password, but you can encrypt or hash it before sending it.mrid
I have checked this in facebook login. It is there too. SSL can avoid man in the middle attack but not from man who enter it.Sanka

1 Answers

1
votes

If the password on your storage are hashed, and you know what alghoritm is used, you can hash your password with the same hash before to send it with post.

Then you can compare this 2 hash.

But what you have seen, it's a classic network problem, you must use an ssl connection to avoid the other person in the network with some attack can read your credentials.

This is your real problem not that the user who have written his credential can see his credentials in the network debugger tab.