Is it okay to use the HTTPS, password for plaintext transmission?

just now on a whim, F12 opened the browser console when logging in to codeshelper and found that the password was transmitted in plaintext and felt incomprehensible.

Apr.29,2021

your client and server establish a trusted link. After establishing a TCP link, the client and server initialize the SSL layer, communicate the encryption parameters, and exchange keys . After that, both sides can pass through. Therefore, the client and server of both sides of the https request know the key, so they can encrypt and decrypt the content, but in the process of transmission, the third party does not know the key, so it cannot be decrypted even if it is intercepted.

however, if you have ever used fiddler or charles to debug and replace online code, you will learn about a man-in-the-middle attack , which can be disguised as a client-server communication to steal the content of the communication (specifically, there are a lot of graphic articles under the search). For example, if you use an unsafe Wi-Fi or something, there will be this risk. Therefore, passwords and the like, especially those designed for money, should be encrypted separately.


Yes, because you sent it yourself, you saw the plaintext, others sent it, and you caught the ciphertext

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e62c49-65fed.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e62c49-65fed.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?