By pandiarajan R on

Hi all,

I am newbie in drupal 8. I need to encrypt a password field via post method in front end . Now password field values are passed plain text via post method url using to view the tamper data or firebug. How do restrict my password field values are hide to plain text in post url method. Any other contributed modules or overriding drupal core user login form code snippets are available there? I will need to implement in my live sites anyone can help me and give suggestion for any ideas to implement this issue in drupal 8.

Categories: Drupal 8.x

Comments

Heine’s picture

Heine commented

https://en.wikipedia.org/wiki/HTTPS

pandiarajan R’s picture

pandiarajan R commented

Hi Heine,
That's is one way i already know heine. I already use encrypt submission module in drupal 7 like this i want to use it in drupal 8 modules. I need custom code snippets or any other contributed modules like this in drupal 8.

Jaypan’s picture

Jaypan commented

If you are working with the API, you should be using https anyways, in which case the values will be encrypted.

pandiarajan R’s picture

pandiarajan R commented

Hi jaypen,
Now currently which forum to be support in drupal questions? or send to active forum links.

Heine’s picture

Heine commented

Why do you need to use "encrypt submission" ? What is your threat model, and why is secure transport not an option or not a sufficient option?

pandiarajan R’s picture

pandiarajan R commented

Hi Heine,
I am not using https in my site. i can run only in http. i am trying to avoid Sensitive Data Exposure threat. Thanks in advance.

Heine’s picture

Heine commented

Client side encryption and submission over HTTP is only security theater. Anyone between your user and server can intercept the jcryption key exchange or just replace JS and HTML to strip it out and thus intercept submitted data.

> i can run only in http.

You are spending wasteful energy on solving this the wrong way. Move servers if necessary. Look into https://letsencrypt.org/