5:27 a.m.
Hi. I am just implementing keycloak, and taking a look at the calls, I see
that the password is shown in text plain in the developer tools. Is that
the expected behaviour?
[image: keycloak_bug.png]
Thanks in advance!
--
David Rodríguez Ortiz
--
David Rodríguez Ortiz
7:18 a.m.
Hi,
this is pretty normal that a dev tool in browser captures all the data. See
https://security.stackexchange.com/questions/51186/username-and-password-...
.
For production environment you should always set up Keycloak using the
https/ssl. See docs for more
https://www.keycloak.org/docs/latest/server_installation/index.html#setti....
In that case all data will be sent over the network encrypted.
Martin
On Tue, Feb 26, 2019 at 12:34 PM David Rodriguez <
davidrodriguez1317(a)gmail.com> wrote:
Hi. I am just implementing keycloak, and taking a look at the calls,
I see
that the password is shown in text plain in the developer tools. Is that
the expected behaviour?
[image: keycloak_bug.png]
Thanks in advance!
--
David Rodríguez Ortiz
--
David Rodríguez Ortiz
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:24 a.m.
Yes, with HTTP protocol, password is sent in plain-text to the server in
the HTTP Post request. Hence it is shown in plain-text. Not sure if
there is any nice way to avoid this?
Marek
On 26/02/2019 12:27, David Rodriguez wrote:
Hi. I am just implementing keycloak, and taking a look at the calls,
I see
that the password is shown in text plain in the developer tools. Is that
the expected behaviour?
[image: keycloak_bug.png]
Thanks in advance!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2143
days inactive
2143
days old
2 comments
3 participants
participants (3)
-
David Rodriguez -
Marek Posolda -
Martin Kanis