Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.

First time visiting? Here are some places to start:
  1. Looking for a certain topic? Check out the categories filter or use Search (upper right).
  2. Need support? Ask a question to our Community Support category.
  3. Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
  4. Be respectful, on topic and if you see a problem, Flag it.

If you would like to contact our Community Manager personally, feel free to send a private message or an email.

Passwords are not encrypted

I have noticed after you click the login button, the XHR request holds my passwords un-encrypted. and sends it plainly over the internet.
I believe this to be a fundamental issue.
By this i can also assume that passwords are not encrypted on the server side.

It is quite simple to implement SHA-512 encryption or most other effective encryption algorithms into any WebApp. I believe this should be fundamental for any website that requires a user to login..

Comments

  • jf_gelinasjf_gelinas Member Posts: 2
    You are correct a quick session of wireshark has proven i was not able to see my own password despite seeing it in the chrome network debugger.

    It is reassuring to know that passwords are kept safe :)
Sign In or Register to comment.