
I'm using ASP.NET MVC 5 and created a login page; it's working. But, by using the Fiddler web debugger, I can view the email and password easily.

Like this:

```
__RequestVerificationToken=kIMhqtcvDFpeb2pt0GBQWnvB_Ne8m9ycMiDL820vYFJ0fmfYpWcVYMnHp-mKigG24hP95u0JI4VL4Aw8crcoO2Rof9Y-WhJyx8XT3yPBiNg1&Email=email2%40gmail.com&Password=Pw123%21
```

So, the email is: email2@gmail.com and the password is: Pw123!

And my question is: Is there a way to encrypt the password value on the client side before sending, so that the server can decrypt it?

Thank you!

1 Answer


So far, you get to know your own email and password, no problem ...

If you are on an HTTPS connection, encryption is done automatically. If you're stuck with HTTP, take some JavaScript encryption code to encode your password before sending (see here, for example, for how to modify the submit process).

outofmind
  • Sorry, I set `[RequireHttps]` on the Controller, and converted `http://localhost:44302` to `https://localhost:44302`. I see nothing about email and password in Fiddler, but Firefox can still see it easily (Ctrl + Shift + Q to call `Network monitor`) –  Sep 22 '15 at 08:05
  • Can you tell me more? –  Sep 22 '15 at 08:06
  • @Kevin Not totally sure, but if I'm not totally wrong, Fiddler shows the raw content that one would see when sniffing the packets (what someone may see on the network), Firefox shows the decoded / unencrypted content - so, nothing to worry about that Firefox shows it unencrypted as it shows just what the current user (= you) is sending. It won't be able to decode random packages sniffed from an arbitrary network stream. – outofmind Sep 22 '15 at 14:06
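
Added example, not part of the original answer or comments: a sketch of enforcing HTTPS for the whole ASP.NET MVC 5 application rather than on one controller, so the login POST shown in the question is only ever accepted over TLS. `LoginViewModel`, the `AccountController` layout and the use of the classic membership provider with forms authentication are assumptions for illustration; a project based on the MVC 5 template would call ASP.NET Identity's sign-in manager in place of the two `System.Web.Security` calls.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using System.Web.Security;

// Called from Application_Start in Global.asax (standard MVC 5 project layout).
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        // Applies to every controller and action: HTTP GETs are redirected to
        // HTTPS, and any other verb over plain HTTP (such as the login POST)
        // is rejected with an exception instead of being processed.
        filters.Add(new RequireHttpsAttribute());
    }
}

// Hypothetical view model; property names match the form fields in the question.
public class LoginViewModel
{
    [Required, EmailAddress]
    public string Email { get; set; }

    [Required, DataType(DataType.Password)]
    public string Password { get; set; }
}

public class AccountController : Controller
{
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken] // checks __RequestVerificationToken from the form
    public ActionResult Login(LoginViewModel model)
    {
        // TLS has already been terminated by the time model binding runs, so
        // the password is plain text here without any JavaScript crypto or
        // server-side decrypt step. Never log or echo model.Password.
        // Assumption: a membership provider is configured in web.config.
        if (!ModelState.IsValid ||
            !Membership.ValidateUser(model.Email, model.Password))
        {
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
        }
        // With <forms requireSSL="true" /> in web.config the auth cookie is
        // marked Secure and is never sent over plain HTTP.
        FormsAuthentication.SetAuthCookie(model.Email, false);
        return RedirectToAction("Index", "Home");
    }
}
```

The browser's own network monitor will still show the form fields after this change, because it displays the request before TLS encrypts it on the user's machine.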