foreclojure-android icon indicating copy to clipboard operation
foreclojure-android copied to clipboard

Published 20 hours ago verified publisher icon alexander-yakushev

Security: Password sent in the clear

Open phirsch opened this issue 8 years ago • 2 comments

In api/login, password and username are sent to the server in plaintext via http (unencrypted).

This could be improved by using https instead to establish a secure channel. Otherwise, please at least let the user know about this fact unmistakably on the login page.

Thanks!

phirsch avatar Sep 06 '15 22:09 phirsch