Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Plain text password over HTTPS

Tags:

https

password-protection

I'm currently working on a PHP OpenID provider that will work over HTTPS (hence SSL encrypted).
Is it wrong for me to transmit the password as plain text? HTTPS in theory, cannot be intercepted, so I don't see anything wrong. Or is this unsafe at some level and I'm failing to see this?

like image 375
WhyNotHugo Avatar asked Jun 07 '09 16:06

WhyNotHugo

1 Answers

It is safe. That's how the entire web works. All passwords in forms are always sent in plain text, so its up to HTTPS to secure it.

like image 99
Eduardo Scoz Avatar answered Dec 09 '22 06:12

Eduardo Scoz
Sign in to Comment

Related questions

How to make a website secured with https
Validate SSL certificates with Python
How to force https on elastic beanstalk?
Enabling SSL with XAMPP
Webpack Dev Server running on HTTPS/Web Sockets Secure
How do I make a https post in Node Js without any third party module?
Could not create SSL/TLS secure channel, despite setting ServerCertificateValidationCallback
URL without "http|https"
HTTPS for Amazon S3 static website [closed]
Find out what resources are not going over HTTPS
Can you use a service worker with a self-signed certificate?
Dealing with HTTP content in HTTPS pages
How do I disable HTTPS in ASP.NET Core 2.1 + Kestrel?
How to create .pem files for https web server
https URL with token parameter : how secure is it?
HAProxy redirecting http to https (ssl)
Android WebView not loading an HTTPS URL
Ajax using https on an http page
PhantomJS failing to open HTTPS site
Curl: Fix CURL (51) SSL error: no alternative certificate subject name matches

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!