Of course they are. Use HTTPS if you don't want that to happen. request.requires_https()
and session.secure() Are your friends. Terça-feira, 17 de Dezembro de 2013 22:08:34 UTC, P T escreveu: > > I deployed a small app on the intranet and noticed that the username and > password are transmitted in plain text (using a tool WireShark, > http://www.wireshark.org/). > > Here is my setup: > 2.8.2-stable+timestamp.2013.11.28.13.54.07 > (Running on Rocket 1.2.6, Python 2.7.6) > Database: Postgresql > > So, I checked the model and noticed that my auth did not include hmac_key. > So, I changed that to > > auth = Auth(db, hmac_key=Auth.get_or_create_key()) > > But, this did not help either. > > What should I do to make sure that user's passwords are transmitted as > encrypted? > > Thanks, > PT > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
