0

Facbook's form data

I'm able to see my credentials here in this picture which is fb's form data

I don't know if that is supposed to be like that or a problem of browser

But for my website, I don't want this in ruby on rails or java.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 1
    TLS encrypts all this data for you – schroeder Dec 21 '18 at 10:20
  • 2
    It is unclear what you are trying to protect from. Developer tools only show what information are available to the browser. If you care about protecting transport of the data use HTTPS/TLS. If you care about protecting the data against manipulation by the end user either don't send them at all or if this is not possible (like data should be read but not modified or they should be transferred to a third party via browser) protect them with signatures or similar generated and verified on the server side. – Steffen Ullrich Dec 21 '18 at 10:25

1 Answers1

2

What you are seeing is your brower's view of the data. Of course it needs to see this data because it needs to process it. Encrypting it so that the browser cannot see it does not make sense.

When it gets transmitted, it goes over a TLS connection which encrypts everything, so no one can see the contents.

For your project, you can do the same thing. If you are concerned, you might be able to obfuscate the data, like encoding it, but ultimately, if someone has access to the user's browser, then they can see everything anyway.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • So you are saying that the data can be seen on end - user's side even if we obfuscate the data using SSL hand shaking . – Bhargav Reddy Dec 21 '18 at 10:45
  • 2
    @BhargavReddy Of course it can be seen on the end user side. The browser needs to see the unencrypted version to do anything with it... It's encrypted _between_ the client and the server. – forest Dec 21 '18 at 10:47
  • Though, Browser shouldn't show the data like that right. – Bhargav Reddy Dec 21 '18 at 10:52
  • @BhargavReddy why not? How do you enter a password and send it to the server for authentication? – schroeder Dec 21 '18 at 10:54