Although we use HTTPS, before we send the information to the backend, we can debug our web application in Chrome and can see all the information (API URL, username, password, HTTP request parameters). Is there a way to handle this in secure way?
-
`Is there a way to handle this in secure way?` - No, you should avoid sending those to the browser in the first place. If you must, you can try obfuscating the JS files, but that's just not secure enough. – Nisarg Shah May 24 '18 at 07:03
-
This one covers what you are looking for: https://stackoverflow.com/q/7559409/5894241 – Nisarg Shah May 24 '18 at 07:08
-
Every info that is sent to the browser can be seen & compromised. Obfuscation is really just a myth. If the browser can understand the code, a human will have no problem decoding it. If you're not comfortable with a user being able to get that info, it should not be sent to the browser in the first place. The only thing I can say as far as security goes, is that any third party script you load on your pages (cdn library, ads...) can technically have access to your site's cookies, local storage, global variables, DOM. For example, it can easily see what your user types in a password field. – blex May 24 '18 at 07:09
-
Thanks, Nisarg and Blex. Any best practices for this kind of credential information in web applications? – user2428424 May 25 '18 at 03:28
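
The comments above advise not shipping credentials to the browser at all. As an added example (not part of the original thread), here is a build-time check that scans a client-side bundle for hard-coded secrets before it is deployed; `scanBundle`, the patterns and the sample bundle are assumptions constructed for illustration.

```javascript
// Added example: flag secrets embedded in code that will be served to browsers.
// Patterns are illustrative, not exhaustive; tune them for your own code base.
const SECRET_PATTERNS = [
  { // keyword followed by a string literal, e.g. password: "..." or apiKey = '...'
    rule: "hard-coded credential",
    re: /\b(pass(?:word|wd)?|secret|api[_-]?key|token)\b["']?\s*[:=]\s*(["'`])([^"'`]{4,})\2/i,
  },
  { // user:password@host embedded in a URL
    rule: "credentials in URL",
    re: /\bhttps?:\/\/[^\s\/:@"'`]+:[^\s\/@"'`]+@[^\s"'`]+/i,
  },
  { // pre-computed HTTP Basic authorization value
    rule: "static Basic auth header",
    re: /\bBasic\s+[A-Za-z0-9+\/]{8,}={0,2}/,
  },
];

// Returns one finding per (line, rule) hit. The matched value is deliberately
// not included in the result so the report itself does not leak the secret.
function scanBundle(source) {
  const findings = [];
  source.split("\n").forEach((text, index) => {
    for (const { rule, re } of SECRET_PATTERNS) {
      if (re.test(text)) findings.push({ line: index + 1, rule });
    }
  });
  return findings;
}

// Constructed sample bundle. Lines 2-4 embed secrets; line 5 only forwards
// what the user typed at runtime, so there is no literal for the scan to flag.
const SAMPLE_BUNDLE = [
  'const API_URL = "https://api.example.test/v1";',
  'const config = { user: "svc_report", password: "Sup3rS3cret!" };',
  'fetch("https://svc:hunter2pw@api.example.test/v1/items");',
  'headers["Authorization"] = "Basic c3ZjOmh1bnRlcjJwdw==";',
  'login({ username: form.user.value, password: form.pass.value });',
].join("\n");

for (const f of scanBundle(SAMPLE_BUNDLE)) {
  console.log(`line ${f.line}: ${f.rule}`);
}
```

Run a check like this in CI against the built assets and fail the build on any finding, so the secret is moved server-side instead of being obfuscated.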