Tweet
Let's say I deploy a web application through Valence (on the iSeries). I set up Valence to use iSeries user/password. When I pull up the debug console in Chrome, then log into the Valence portal, when I click on the network tab, and inspect the login.pgm action, I can see my userid and password clear as day.
If this application is accessible from outside our network, does that mean our userid and passwords are crossing the web in plain text format?
I did this on a few different websites (my bank, a credit card company, etc), and again, I can see the password in the network tab when the form is submitted. Is this a security concern? If the site is using SSL, does that data pass through encryption prior to being sent back and forth to/from the server?
If this application is accessible from outside our network, does that mean our userid and passwords are crossing the web in plain text format?
I did this on a few different websites (my bank, a credit card company, etc), and again, I can see the password in the network tab when the form is submitted. Is this a security concern? If the site is using SSL, does that data pass through encryption prior to being sent back and forth to/from the server?
Comment