Hi, It's OK, it's the way it works, If you put s local proxy like burp and then you go and capture traffic, it is ok that you can see clear text data because burp proxy puts their own certificate between client and backend, because of that burp proxy can decrypt and show you clear text data. If you sniff with a packet capture like wireshark, you will see everything is encrypted.
Salting your password/username before sending it is not really secure, because hashing the username/password before sending, would need to be performed in the browser via javascript and if the hash process happens in the client side, you can see how encryption is made and reverse it . Cheers. Chris. El lun, 21 nov 2022 a las 5:01, Silvian “Top 10 Answers” Cedru (< [email protected]>) escribió: > Its weird why does web2py do not salt username and password before sending > it ? > > Silvian Cedru schrieb am Montag, 21. November 2022 um 09:25:05 UTC+7: > >> Here is a screenshot after sniffing the network and it is weird since it >> has HTTPS I thought you could not sniff out the password when someone logs >> ins so I need to salt or Hash it but I am not sure where I find the file >> and what to change . Would be awesome if someone could help. >> >> Silvian Cedru schrieb am Donnerstag, 17. November 2022 um 11:05:34 UTC+7: >> >>> Hello everyone , >>> >>> I just found out that when you login in my application my password gets >>> send in plain text even I thought it gets hashed does someone know a >>> solution how to salt or hash the password before sending ? >>> >>> >>> -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com > <https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CA%2Bs%2BuJv2ddys7nQV5%3DCu7xbM%3DQ-vqu09%3DDL2ZMHoN2TNBYsO7A%40mail.gmail.com.
