Hi
how can we parform server side encryption and client side decryption in Jmix 2.1.3 for textField, comboBox and numberField data?
I would look at how the user passwords are implemented when setting a new password for a new user, for example.
Kind regards,
Mladen
Hi
Scenario 1 : I have created one sample project I am entering username and password in the filed and click on login button and capture the request in burp suite application and I see the username and password both are visible in plain text. Please find the attached screenshot
Scenario 2
I have redirect to user module I am creating the new user entered username and password details and I change the password filed one letter of entered password and just clicked outside of the screen one request in capture in the burp suite application and see the password entered in plain text. Please find the screenshot attached.
Sample Project attached :
sample.zip (3.8 MB)
As per my understanding this is happened on every Field of ChangeListener.
This data can’t be visible in plain text. how can we fix this?
You should set up HTTPS on the server, it’s a common solution to secure data exchange.
See explanation from Mario here: Hiding Password of the user - #2 by mario