[keycloak-user] Password in plain text

Martin Kanis mkanis at redhat.com
Tue Feb 26 08:18:56 EST 2019


Hi,

it is pretty normal that a dev tool in the browser captures all the data. See
https://security.stackexchange.com/questions/51186/username-and-password-stored-under-form-data-in-chrome-dev-tools
.

For a production environment you should always set up Keycloak using
HTTPS/SSL. See the docs for more:
https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl
In that case all data will be sent over the network encrypted.

Martin

On Tue, Feb 26, 2019 at 12:34 PM David Rodriguez <
davidrodriguez1317 at gmail.com> wrote:

> Hi. I am just implementing Keycloak, and taking a look at the calls, I see
> that the password is shown in plain text in the developer tools. Is that
> the expected behaviour?
>
>
> [image: keycloak_bug.png]
>
> Thanks in advance!
> --
>
> David Rodríguez Ortiz
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
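
One way to check the HTTPS advice in the reply above against a realm's configuration, as an added example that is not part of the original thread or Keycloak's own code. It assumes a realm export JSON with the `sslRequired` realm setting and per-client `redirectUris`; the sample realm and the `audit_realm` helper are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample resembling a Keycloak realm export (not from the thread).
SAMPLE_REALM = json.loads("""
{
  "realm": "demo",
  "sslRequired": "none",
  "clients": [
    {"clientId": "web-app",
     "redirectUris": ["http://app.example.test/*", "https://app.example.test/*"]},
    {"clientId": "local-dev",
     "redirectUris": ["http://localhost:8080/*"]}
  ]
}
""")

# Loopback hosts are tolerated for local development redirect URIs.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_realm(realm):
    """Return findings where login data or tokens could travel over plain HTTP."""
    findings = []
    mode = str(realm.get("sslRequired", "")).lower()
    if mode == "none":
        findings.append("realm: sslRequired=none, HTTPS is never enforced")
    elif mode == "external":
        findings.append("realm: sslRequired=external, HTTP still allowed from private IP addresses")
    elif mode != "all":
        findings.append(f"realm: sslRequired missing or unrecognised ({mode!r})")
    for client in realm.get("clients", []):
        for uri in client.get("redirectUris", []):
            parsed = urlparse(uri)
            # Relative URIs such as "/*" have no scheme and are skipped.
            if parsed.scheme == "http" and parsed.hostname not in LOOPBACK:
                findings.append(
                    f"client {client.get('clientId')}: plain-HTTP redirect URI {uri}")
    return findings

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print(finding)
```

An empty result means the realm requires HTTPS for all requests and no client redirects to a non-loopback `http://` address; the password will still be visible in the browser's own developer tools, as the reply explains.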

