Thank you, but do you have any suggestions what to do, because our
cybersecurity officer keeps complaining about that, so I need to change some
settings in web2py, or do you have an idea how I can sort it out?

Kind regards

On Tue, 22 Nov 2022 at 02:23, Christian Varas <
chriiisti...@gmail.com> wrote:

> Hi,
> It's OK, it's the way it works. If you put a local proxy like Burp and
> then you go and capture traffic, it is OK that you can see clear text data
> because Burp proxy puts its own certificate between client and backend;
> because of that Burp proxy can decrypt and show you clear text data. If you
> sniff with a packet capture like Wireshark, you will see everything is
> encrypted.
>
> Salting your password/username before sending it is not really secure,
> because hashing the username/password before sending would need to be
> performed in the browser via JavaScript, and if the hash process happens on
> the client side, you can see how encryption is made and reverse it.
>
> Cheers.
> Chris.
>
> On Mon, 21 Nov 2022 at 5:01, Silvian “Top 10 Answers” Cedru (<
> silvian.ce...@gmail.com>) wrote:
>
>> It's weird, why does web2py not salt username and password before
>> sending it?
>>
>> Silvian Cedru wrote on Monday, 21 November 2022 at 09:25:05 UTC+7:
>>
>>> Here is a screenshot after sniffing the network, and it is weird: since it
>>> has HTTPS I thought you could not sniff out the password when someone logs
>>> in, so I need to salt or hash it, but I am not sure where I find the file
>>> and what to change. Would be awesome if someone could help.
>>>
>>> Silvian Cedru wrote on Thursday, 17 November 2022 at 11:05:34 UTC+7:
>>>
>>>> Hello everyone,
>>>>
>>>> I just found out that when you log in to my application my password gets
>>>> sent in plain text, even though I thought it gets hashed. Does someone know a
>>>> solution how to salt or hash the password before sending?
>>>>
>>>>
>>>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com
>> <https://groups.google.com/d/msgid/web2py/3b380bb2-b908-4e8e-be5a-bc465196c38fn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>

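Added example (not from the thread and not web2py code): a small Python model of the point in Chris's reply about hashing in the browser. The two classes, the sample password and the PBKDF2 parameters are assumptions constructed for the illustration. It compares a form that posts the password inside TLS and hashes on the server with a form that hashes in the browser first.

```python
import hashlib
import hmac
import os

# Constructed sample account; all names and values are illustrative only.
PASSWORD = "correct horse battery staple"
SALT = os.urandom(16)
ITERATIONS = 100_000


def kdf(secret: bytes, salt: bytes) -> bytes:
    """Slow salted hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


class ServerSideHashing:
    """The form posts the password inside TLS; the server hashes and compares."""

    def __init__(self, password: str):
        self.stored = kdf(password.encode(), SALT)

    def login(self, submitted: bytes) -> bool:
        return hmac.compare_digest(kdf(submitted, SALT), self.stored)


class ClientSideHashing:
    """Browser JavaScript hashes first; the server compares what it receives."""

    def __init__(self, password: str):
        self.stored = kdf(password.encode(), SALT)

    def login(self, submitted: bytes) -> bool:
        return hmac.compare_digest(submitted, self.stored)


def compare_schemes() -> dict:
    """What each scheme accepts as a credential."""
    a, b = ServerSideHashing(PASSWORD), ClientSideHashing(PASSWORD)
    field_a = PASSWORD.encode()             # form field shown by a TLS-terminating proxy
    field_b = kdf(PASSWORD.encode(), SALT)  # form field shown by the same proxy
    return {
        "server_side_accepts_form_field": a.login(field_a),
        "client_side_accepts_form_field": b.login(field_b),
        # Only with browser-side hashing is the stored database value itself a login.
        "server_side_accepts_db_value": a.login(a.stored),
        "client_side_accepts_db_value": b.login(b.stored),
    }


if __name__ == "__main__":
    for name, accepted in compare_schemes().items():
        print(f"{name}: {accepted}")
```

In both schemes the value in the form field is the credential, so hashing in the browser does not change what a TLS-terminating proxy shows; it only makes the stored hash password-equivalent.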