Firebase auth is showing password of user and probably hash code

Question

window.addEventListener('load', pageLoad)
// Dashboard loading
function pageLoad(){
    onAuthStateChanged(auth, async (user)=>{
        if(user){
            console.log(user)
        }else{
            window.location.href = 'http://127.0.0.1:5000/login.html'
        }
    })
}

My problem is that when I run this I can see everything about the user like the password and I think also the hash parameters: passwordHash:"fakeHash:salt=fakeSaltfWcJeJjzWoNxCHlPkAdg:password=testpassword123". The testpassword123 is the password of the test user. My question is this only because I am in an emulator or will it also be in production mode? if yes, how can I prevent such a thing? I couldn't find anything about that on the internet.

Tried google and youtube

Could you edit the question to be more clear about how you are observing these things? If your issue is with the output of the console log, maybe you shouldn't log that in production? — Doug Stevenson, May 29 '23 at 17:29
What you're describing is the expected behavior. See https://stackoverflow.com/questions/69117271/firebase-request-url-showing-username-and-password-in-request-payload-in-network and the other questions linked from my answer there. — Frank van Puffelen, May 29 '23 at 19:22

Firebase auth is showing password of user and probably hash code

0 Answers0