Hi All,

How could we avoid the password being traced when the preserve log is on in the Chrome browser?

We could find that the password can be traced when it is in F12 mode.

How to avoid that? Our project is being developed on MVC4. Do we have any changes in the web.config file for preventing this?

Thanks & Regards,
Soumya
Comments
Nathan Minier 11-Aug-14 10:21am    
That should just be at the endpoint, the password is being sent via SSL, correct?

If that's the case you can only do so much to prevent the browser side from doing, well, anything. The best you can do is run browser (and possibly addon) detects and handle the page differently based on that information, but frankly even that can be spoofed.

If you're concerned about information being saved on public systems or snooping on the client side, you're limited to ACLs for intranet (or static) systems or administrative policy controls. You _could_ use a JavaScript encryption solution, but even that's not secure if you don't trust the client system.

1 solution

Sorry, without a single line of a code sample, it's nearly impossible to see what your mistakes were. To give you some general ideas, please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it,
Decryption of Encrypted Password,
storing password value int sql server with secure way.

You have everything to implement the use of the cryptographic hash function explained in my answers referenced above.
Client-side: http://code.google.com/p/crypto-js.
Server-side, .NET: http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256%28v=vs.110%29.aspx.

Still, this is not safe enough if you are not using SSL. Otherwise, even though a malicious intruder cannot get the original password, its hash can be eavesdropped, and then this person can impersonate a customer and then modify a password or do other harm. But the most vulnerable point will be the process of setting up an initial password, if the traffic is eavesdropped. So, try to use both SSL and a cryptographic hash for passwords.

—SA
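
The point made in the answer above, as an added example that is not part of the original answer: hashing in the browser keeps the raw password out of the request that the F12 Network tab records, but the hash then works as the credential, so it still has to travel over SSL. Node's built-in `crypto` stands in for CryptoJS and for .NET's SHA256 here; the function names and the salted PBKDF2 storage step are assumptions of this example.

```javascript
// Added example, not code from the page. All names are hypothetical.
const nodeCrypto = require("node:crypto");

// Browser side: what the login form submits instead of the raw password.
function clientHash(password) {
  return nodeCrypto.createHash("sha256").update(password, "utf8").digest("hex");
}

// Server side at registration: the received hash is treated as the secret and
// stored only as a salted, slow derivation (PBKDF2 is this example's choice).
function enroll(receivedHash) {
  const salt = nodeCrypto.randomBytes(16);
  const stored = nodeCrypto.pbkdf2Sync(receivedHash, salt, 100000, 32, "sha256");
  return { salt, stored };
}

// Server side at login: re-derive from the submitted hash, compare in constant time.
function verify(record, receivedHash) {
  const candidate = nodeCrypto.pbkdf2Sync(receivedHash, record.salt, 100000, 32, "sha256");
  return nodeCrypto.timingSafeEqual(candidate, record.stored);
}

function demo() {
  const password = "correct horse battery staple"; // constructed sample value
  const onTheWire = clientHash(password);          // what the Network tab would show
  const record = enroll(onTheWire);
  return {
    // The raw password never appears in the request body.
    rawPasswordOnWire: onTheWire.includes(password),
    genuineLogin: verify(record, clientHash(password)),
    wrongPassword: verify(record, clientHash("wrong password")),
    // The server cannot tell a captured copy of the hash from a real login,
    // which is why the answer asks for SSL as well as hashing.
    capturedHashAccepted: verify(record, onTheWire),
    // A leaked credential table does not directly contain the wire value.
    storedEqualsWire: record.stored.toString("hex") === onTheWire,
  };
}
```
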
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)