Plain text username and password

Question

Plain text username and password

Opened this issue 11 years ago · 1 comments

It looks like the client is passing the username and password in clear/plain text in the headers. Anyone who can perform Man-in-the-middle attack can capture client identity.

Answer 1 · 2015-03-20T21:14:34.000Z

To be more safe use HTTPS.