Re: [keycloak-user] Password in plain text

Tuesday, 26 February 2019

Hi,

this is pretty normal that a dev tool in browser captures all the data. See
https://security.stackexchange.com/questions/51186/username-and-password-...
.

For production environment you should always set up Keycloak using the
https/ssl. See docs for more
https://www.keycloak.org/docs/latest/server_installation/index.html#setti....
In that case all data will be sent over the network encrypted.

Martin

On Tue, Feb 26, 2019 at 12:34 PM David Rodriguez <
davidrodriguez1317(a)gmail.com&gt; wrote:

...
 Hi. I am just implementing keycloak, and taking a look at the calls,
I see
 that the password is shown in text plain in the developer tools. Is that
 the expected behaviour?

 [image: keycloak_bug.png]

 Thanks in advance!
 --

 David Rodríguez Ortiz

 --

 David Rodríguez Ortiz
 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Password in plain text