How does web browsers transfer Passwords to origin servers?_问答_开发者

How does web browsers transfer Passwords to origin servers?

开发者 https://www.devze.com 2023-03-19 22:10 出处：网络

My question is simple regarding password security.. As a web application developer using PHP for example, I may design a html form that accepts a username and password and post them to the webserver

My question is simple regarding password security..

As a web application developer using PHP for example, I may design a html form that accepts a username and password and post them to the webserver using the POST method..

My question is:

1- When a user enters a password for this form on a web browser, does this web 开发者_运维问答browser send the password over the network as plaintext and thus insecurely?

2-isn't it possible that the web browser saves all passwords and sends them to the third party that design the web browser?

Thank you in advance

Yes, unless you're using https, which encrypts everything sent between the server and the client.
Sure, but you could use a network sniffer to verify that the browser sends no information to third party servers.

It's sent unencrypted (though possibly obfuscated) if you're using HTTP, or encrypted if you're using HTTPS.
Any mainstream web browser won't do that, no. It would be discovered within seconds of the browser being released. However, it's possible for such a leak to occur by other means, for example:

o A rogue browser plugin

o A rogue proxy on the user's network (if you're using HTTP)

o A keylogger on the user's machine